Sei sulla pagina 1di 123

“Every Contact Leaves a Trace”: Computers Forensics and Electronic Textuality [PDF] April 2005

13th Annual Computer Security Incident Handling Conference (FIRST) [PDF]

2005 E-CrimeWatch Survey [PDF] 2005
21st Century Forensics: Searching for the 'Smoking Gun' in Computer Hard Drives [PDF] 2003
5 Common Mistakes in Computer Forensics [PDF] January 2004
5 Ways to FIRE up Your Incident Response and Forensic Environment - Registration Required [Audio, and Slides in PDF] May
5 Ways to FIRE up Your Incident Response and Forensic Environment [Audio and PDF] May 2003
6 on Forensics [PDF] 2002 - 2005
A bit of help if you've just been broken into (from 2000
A bit of help recovering a deleted file under Unix (from 2000
A Brief History of Computer Forensics [PDF Presentation]
A Brief Intro to End-to-End Digital Investigation [PDF Presentation] July 2003
A Brief Introduction to Cyber Forensic Analysis [PDF Presentation] July 2003
A Case for Forensics Tools in Cross-Domain Data Transfers [PDF] August 2002
A case study in security incident forensics and response (Part 1) March 2001
A case study in security incident forensics and response (Part 2) [Author: John Desmond] April 2001
A Comprehensive Approach to Digital Incident Investigation [PDF] 2003
A Computer Forensic Methodology for Ireland [Word document] July 2003
A correlation method for establishing provenance of timestamps in digital evidence [PDF] August 2006
A Crash Course in Digital Forensics [PDF Presentation] June 2006
A Critical Evaluation of the Treatment of Deleted Files in Microsoft Windows Operation Systems [PDF] 2005
A cyber forensics ontology: Creating a new approach to studying cyber forensics [PDF] August 2006
A Day of Cyber Investigation [HTML Presentation] April 2000
A Digital Investigation Process Model (Poster) [PDF] 2004
A Forensic Tool Validation of the Coroner's Toolkit's mactime [PDF] 2003
A Formalization of Digital Forensics [PDF] Fall 2004
A Framework for Digital Forensic Science [PP Presentation] August 2004
A Framework of Distributed Agent-based Network Forensics System [PDF Presentation] August 2004
A Graphic Picture of Crime September 2002
A Graphical Representation of File Statistics for Computer Forensics [PDF] 2004
A Guide to Investigation and Prosecuting cases involving Hacking and the Computer Underground [Word doc] April 2004
A Hardware-Based Memory Acquisition Procedure for Digital Investigations [PDF] 2003
A Hierarchical, Objectives-Based Framework for the Digital Investigations Process [PDF] August 2004
A Hypothesis-Based Approach to Digital Forensic Investigations [PDF] March 2005
A Lessons Learned Repository for Computer Forensics [PDF] August 2002
A Lessons Learned Repository for Computer Forensics [PP Presentation] August 2002
A Mechanism for Automatic Digital Evidence Collection on High-Interaction Honeypots [PDF & PP Presentations] June 2004
A Method for Forensic Previews March 2005
A New Approaches to Complex Digital Investigations [PP Presentation] December 2004
A Novel Approach to Computer Crime May 2001
A Palmtop For The Prosecution October 2002
A Police Officer’s Guide: Seizure, Handling and Storage of Computer Evidence [PDF]
A Preliminary Examination of Tool Markings on Flash Memory Cards [PDF] 2004
A Recursive Session Token Protocol For Use in Computer Forensics and TCP Traceback [PDF] 2002
A strategy for testing hardware write block devices [PDF] August 2006
A survey of forensic characterization methods for physical devices [PDF] August 2006
A System for Collection, Storage, and Analysis of Multi-platform Computer System Data November 2003
A Ten Step Process for Forensic Readiness [PDF] Winter 2004
A Triad of Collaboration: Internet-Related Investigative Considerations Prior to the Computer Forensic Application [PDF] Novem
A Typology of Online Child Pornography Offending [PDF] July 2004
A very high level article aimed at the average computer user.
A Web Service for File Fingerprints: The Goods, the Bads, and the Unknowns [PDF] 2003
Academic Search and Seizure: An Update [PDF] October 2005
AccessData Certified Examiner Study Guide [PDF] June 2006
Accessing the System BIOS on Various Computers
Accompanying PP Presentation
Acquisition & Seizure Procedure [PP Presentation] 2005
Additional materials: Physical Memory Forensics Movies - 15 MB [Zipped]
Advanced Antiforensics [txt] August 2005
Advanced Forensic Concepts [Zipped PP Presentation & Handouts] August 2005
Advanced Packet Analysis [PDF Presentation] October 2002
Advances in Data Hiding Effects on Computer Forensics [Zipped PDF] October 2002
Adventures in Computer Forensics [PDF] September 2001
Adversary Modeling to Develop Forensic Observables [PDF] August 2004
AFF: A New Format for Storing Hard Drive Iamges [PDF] February 2006
AFIRM (Active Forensic Intelligent Response Method) [PDF]
After Conversation - An Forensic ICQ Logfile Extraction Tool [PDF] September 2005
AGEC Issues Paper: Evidence and the Internet [PDF] September 2000
Algorithms to Enable Forensic Analysis of Computer and Network Intrusions [PDF] Spring 2006
All Publications
Also available:
Alternate Data Streams in Forensic Investigations of File Systems Backups [PDF] May 2006
Alternate Download Site
Alternate Link
Alternate Link
Alternate Link & USB image used during the workshop
Ambiguities in US law for investigators [PDF] April 2004
An Advanced Forensics Format: An Open, Extensible Format for Disk Imaging [PDF] March 2006
An Analysis of Disk Carving Techniques [PDF] March 2005
An Analysis of Linux RAM Forensics [PDF] March 2006
An Analysis of the Integrity of Palm Images Acquired with PDD [PDF] 2004
An Attorney’s Brief Guide to Dating (Computer File Dating That Is) 2005 (from
An Automatic System for Collecting Crime Information on the the Internet 2000
An Emerging Challenge For Law Enforcement December 1999 Article contains a list of Computer Evidence Processing Steps.
An empirical study of automatic event reconstruction systems [PDF] August 2006
An Evaluation of Image Based Steganography Methods [PDF] Fall 2003
An Event-Based Digital Forensic Investigation Framework [PP Presentation] August 2004
An Examination of Digital Forensic Models [PDF] Fall 2002
An Example of Mobile Forensics [PP Presentation] 2005
An Experiment in Forensics Reveals Attacker's Techniques
An Exploration of Future Anti-Forensic Techniques [PDF] 2005
An Extended Model of Cybercrime Investigations [PDF] Summer 2004
An Historical Perspective of Digital Evidence: A Forensic Scientist’s View [PDF] Spring 2002
An Improved Protocol for the Examination of Rogue WWW Sites [PDF] July 2003
An Introduction to Computer Forensics [PDF] April 2006
An Introduction to Computer Forensics: Gathering Evidence in a Computing Environment [PDF] June 2001
An Introduction to Forensic Readiness Planning [PDF Presentation] May 2005
An Introduction to Linux as a Tool for Digital Investigation and Analysis
An Introduction to The Coroners Toolkit [PDF] January 2001
An introduction to Windows memory forensic [PDF] July 2005
An Investigation into Computer Forensic Tools [PDF] July 2004
An investigation into the efficiency of forensic erasure tools for hard disk mechanisms [PDF] September 2005
An Investigation of Computer Forensics 2004
An Investigator’s Guide to File System Internals (From [PDF Presentation] June 2002
An open architecture for digital evidence integration [PDF] May 2006
An Overview and Analysis of PDA Forensic Tools [PDF] April 2005
An Overview of Disk Imaging Tool in Computer Forensics [PDF] September 2001
An Overview of Steganography for the Computer Forensics Examiner July 2004PDF versionfrom Gary Kessler's Homepage
Analysing E-mail Text Authorship for Forensic Purposes [PDF] March 2003
Analysing Privacy-Invasive Software Using Computer Forensic Methods [PDF] January 2006
Analysis of a Compromised Honeypot
Analysis of Computer Forensics [PDF] March 2002
Analysis of hidden data in NTFS file system [PDF] March 2006
Analysis of the ATA Protected Area [PDF] July 2003
Analytic & Forensics Technologies [PDF Presentation] June 2006
Analyze all available information to characterize an intrusion.
Analyze This! Network forensics analysis tools (NFATs) reveal insecurities, turn sysadmins into systems detectives.
Analyzing a computer intrusion takes significantly more time than it takes the perpetrator to commit the crime. The more prepar
Analyzing Exchange and mbox e-mail files using Free and Open Source Software December 2005
Analyzing Log Files November 1998
Analyzing the Difficulties in Backtracking the Onion Router's Traffic [PDF]
And You Thought DELETE Meant DELETE! September 2000
Animated Hard Drive Recovery & Physical Rebuilds [Flash Presentation] August 2006
Anti Forensics [PP Presentation] June 2004
Anti-Forensics [PDF Presentation] April 2006
Anti-Forensics [PP Presentation] September 2005
Antiforensics: The Looming Arms Race May 2003
Antiforensics: Trends and Emerging Technology [PDF Presentation] November 2003
Anti-Hacker Toolkit
Application Of Formal Methods To Root Cause Analysis of Digital Incidents [PDF] Summer 2004
Applying Advanced Technology to Digital Evidence [PDF] 2003
Apprehending The Computer Hacker: The Collection and Use of Evidence
Architectural Innovations for Enterprise Forensics [PDF] November 2003
Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem [PDF] August 2006
Article I - Preliminary Matters
Article II - Challenges and Sanctions
Article III- Preserving Evidence
Article IV - Obtaining Evidence: Interception & Surveillance
Article IX - Processing and Analyzing Evidence
Article V - Undercover Operations and Informants
Article VI - Obtaining Evidence: Production Orders
Article VII - Obtaining Evidence: Search and Seizure
Article VIII - Post-Collection Procedures
Article X - Reimbursement and Return of Property
Article XI - Using Evidence
Audit trails are vital for post-compromise investigations November 2002
Audit Trails in Evidence: Analysis of A Queensland Case Study [RTF document] December 2003
Auditing and Event Correlation [PDF]
Auditing Cisco Routers [PDF Presentation] 2004
Auditing Cyber Crime [Zipped PDF Presentation] March 2005
Auditing Tools for Use in Forensic Investigations [PDF Presentation] February 2005
Australian Computer Crime and Security Survey [PDF] May 2005
Authenticating Evidence of Internet Chat Room Logs Recovered From A Hard Drive
Authorship Analysis in Cybercrime Investigation [PP Presentation] 2003
Automated Analysis for Computer Forensics [PDF Presentation]
Automated Analysis for Digital Forensic Science [PDF] 2002
Automated Analysis for Digital Forensic Science: Semantic Integrity Checking [PDF] December 2003
Automated diagnosis for computer forensics [PDF] August 2001
Automated Digital Evidence Target Definition Using Outlier Analysis and Existing Evidence [PDF] August 2005
Automated Log Processing [PDF] December 2002
Automated Reassembly of Document Fragments via Context Based Statistical Models [PDF] December 2003
Automated Reassembly of Fragmented Images [PDF] 2003
Automatically Creating Realistic Targets for Digital Forensic Investigation [PDF Presentation] August 2005
Automatically Creating Realistic Targets for Digital Forensic Investigation [PDF] August 2005
Automating Case Reports for the Analysis of Digital Evidence [Abstract & PDF] September 2005
Automating Forensics (Honeynets and Digital Forensics) [PP Presentation] August 2004
Autopsy [PDF] January 2005 Computer Forensics Using Knoppix STD tool Autopsy
Autopsy and Sleuthkit, the Digital Forensics Toolkit - The Tracker Dog’s Guide [PDF] November 2003
Autopsy of a successful intrusion (well, two actually) October 2002
Backtracking Intrusions [PDF] October 2003
Backtracking Intrusions [PP Presentation] October 2003
Banking Scam Revealed November 2003
Basic Computer Forensic Concept [PDF Presentation] January 2005
Basic Computer Forensic for the Private Investigator [PP Presentation]
Basic Considerations in Investigating Computer Crime, Executing Computer Search Warrants and Seizing High Technology Eq
Basic Media Analysis & The Sleuth Kit / Autopsy [PDF Presentation] 2004
Basic Steps in Forensic Analysis of Unix Systems
Basic Windows Intrusion Detection and Forensics September 2003
Basics of Computer Forensics [PP Presentation] November 2003
Bates Numbering - What’s in a number anyway? [PDF] July 2002
BCS Comments on Proposals for Registration of Digital Evidence Specialists January 2004
Be Prepared for Computer Forensics February 2002
Becoming a Forensic Investigator [PDF] August 2004
Begin a forensics investigation with WinHex December 2004
Beginners Guide to Linux Forensics [PDF] June 2005
Behavior Profiling of Email [PP Presentation] 2003
Best method of preserving volatile evidence in RAM
Best Methods for Forensic Investigators when Encountering Windows Encrypted Content [PDF Presentation] November 2003
Best Practices for Computer Forensics [PDF] July 2006
Best Practices for Handling of Electronic Evidence [PDF Presentation] September 2003
Best Practices For Seizing Electronic Evidence version 1.0 June 2000
Best Practices For Seizing Electronic Evidence version 2.0 [PDF]
Best Practices: Collecting Computer Forensic Evidence January 2004
Beware: Computer Evidence Quicksand February 2001
Beyond Data about Data: The Litigator's Guide to Metadata [PDF] 2005
Beyond the Usual Suspects - Finding Data in Secret Spots November 2002
Biatchux: A New Tool for Incident Response [PDF] April 2002
Biometrics and Digital Evidence [PDF]
Blackhat Asia [PDF Presentation] 2003
Blackhat Europe [PDF Presentation] 2004
Bleeding-Edge Anti-Forensics [PP Presentation] April 2006
Bluepipe: A Scalable Architecture for On-the-Spot Digital Forensics [PDF] Summer 2004
Bootable CD-Rom Linux Security Toolkits [PDF Presentation] September 2003
Bootable Linux Demo Distro - Knoppix Thread started August 2002
Botnets as a Vehicle for Online Crime [PDF] December 2005
Breaking the Performance Wall: The Case for Distributed Digital Forensics [PDF] August 2004
Bridging the Divide: Rising Awareness of Forensic Issues amongst Systems Administrators [PDF] Abstract 2002
Bridging the Divide:Rising Awareness of Forensic Issues amongst Systems Administrators [Presentation in Adobe Acrobat] 200
Bring Out Your Dead January 2001
Bringing the Cyber-Criminal to Justice: An Essay for the Technologically Impaired 1997
Bucking Conventional Forensics Wisdom April 2002
Building a Business Case for Computer Forensics [PDF]
Building a Computer for Forensics [Word doc]
Building a Computer Forensics Education Program [PDF Presentation] April 2004
Building a Computer Forensics Laboratory [PDF]
Building a Forensic PC [PDF Presentation] November 2005
Building a Jump Kit [From] January 2002
Building a Linux-Based Computer Forensics Lab [PDF Presentation] January 2004 (from
Building a Low Cost Forensics Workstation [PDF] April 2003
Building a Super Kernel for Data Forensics [PDF] March 2002
Building Evidence Graphs for Network Forensics Analysis [PDF] December 2005
Building FBI computer forensics capacity: one lab at a time [PDF] August 2004
Burglar Alarms for Detecting Intrusions [PDF] 2000
Business Drivers for Creating an Incident Response Process and Conducting Digital Forensics Investigations [PDF] July 2005
Byteprints: A Tool to Gather Digital Evidence [PDF] February 2005
Calling the CyberCops: Law Enforcement and Incident Handling April 2000
Can Computer Investigations Survive Windows XP? [PDF] December 2001
Can digital detectives undo paper shredding? [PDF]
Can Digital Evidence Endure the Test of Time? [PDF] August 2002
Can You Survive a Cybercrime?
Carvdawg's Perl Page
Case Forms [PDF]
Case Studies [PDF] August 2005
Case Studies in Implementing Packet-Level Analysis-based Security Solutions [PDF Presentation] October 2002
Case Study of Insider Sabotage: The Tim Lloyd/Omega Case [PDF]
Case Study: Using Security Audits as an adjunct to Computer Forensics [PDF Presentation] 2004
Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework [PDF]
Cases Involving Encryption in Crime and Terrorism May 1997
Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch... [PDF Presentation] July
CATCH Project Description [PDF]
Catching Intruders with SNARE [Honeypot] [PDF Presentation] April 2003
Categories of digital investigation analysis techniques based on the computer history model [PDF] August 2006
Caught in the 'Net' - How Law Enforcement Uses Computer Forensics in Modern Investigations March 2003
Cell Phone Forensic Tools: An Overview and Analysis [PDF] October 2005
Cell Phone Forensics [PDF] February 2006
CERT Training and Education
Challenges for Law Enforcement in Forensics [PDF Presentation] February 2005
Challenges in Forensic Computing December 2005
Challenges of Forensic Investigations Under Corporate Environment [PDF Presentation] June 2006
Challenges Posed by Digital Evidence [PDF] October 2004
Challenges to Digital Forensic Evidence [PDF Presentation] February 2006
Chapter 1 - Digital Evidence and Computer Crime [PDF] 2004
Chapter 1 [PDF] Insiders and Outsiders: Examples from the FBI files
Chapter 1: Computer Forensics and Incident Response Essentials [PDF]
Chapter 1: Computer Hardware [PDF] March 2006
Chapter 1: The Need for Computer Forensics [PDF] November 2004
Chapter 1: Windows Live Response [PDF] August 2005 Select 'Sample Chapter'Alternate Link
Chapter 10: [PDF] Computer System Storage Fundamentals
Chapter 11 [PDF] Initial Response to Unix Systems
Chapter 11. Incident Response
Chapter 11: Honeypot Data Analysis [PDF] June 2005
Chapter 16 - Digital Evidence on Physical and Data-Link Layers [PDF] 2004
Chapter 2: [PDF] Introduction to the Incident Response Process
Chapter 2: The Players - Hackers, Crackers, Phreaks, and Other Doodz [PDF] 2004
Chapter 3 The Liturgical Forensic Examination: Tracing Activity on a Windows-Based Desktop[PDF]
Chapter 3: If He Had Just Paid the Rent [PDF] August 2004Alternate Link
Chapter 6 - Modes of Data Insertion and Acquistion [PDF] 2002
Chapter 6 Learning Network Protocols and Performing a Trap and Trace
Chapter 7: The Persistence of Deleted File Information [PDF] December 2004
Chapter 7: Understanding Cybercrime Prevention [PDF]
Chapter 8 from electronic booklet"Dealing with White Collar Crime"
Chapter 8: Using the Forensic Server Project [PDF] July 2004
Chasing Headers - Tracking the Origin of Email Through Header Data [Presentation in PDF] August 2003
Checking Microsoft Windows® Systems for Signs of Compromise [PDF] October 2004
Child Abuse, Child Pornography and the Internet [PDF] December 2003
Child Pornography and the Net [PDF] 1999
Choosing Hardware for a Computer Forensics Lab [PDF] March 2006
CIO Cyberthreat Response & Reporting Guidelines [PDF]
CIOIM Supplement: Digital Officer Safety [PDF]
Cisco Router Forensics [PP Presentation] July 2002
Cisco Router Forensics Checklist [Zipped file] July 2002
Clean Delete [PDF Presentation] April 2006
Client-side Exploits: Forensic Analysis of a Compromised Laptop [PDF] June 2004
Collecting And Preserving Electronic Media [PDF] 2004
Collecting and Preserving Evidence after a System Compromise [PP Presentation] 2000
Collecting Digital Evidence from Intrusion Detection Systems [PP Presentation] Spring 2002
Collecting Electronic Evidence After a System Compromise April 2001
Collecting Evidence from a Running Computer: A Technical and Legal Primer for the Justice Community [PDF] August 2006
Collecting Evidence from Providers [PDF] August 2002
Collecting Forensic Evidence [PDF Presentation] June 2004
Collecting Forensic Evidence [PDF Presentation] May 2005
Collection and Control of Electronic Evidence [PDF] 2000
Combating Computer Crime [PDF] September 2001
Combating High-Tech Crime in California: The Task Force Approach [PDF] June 1997
Combating Online Software Piracy in an Era of Peer-to-Peer File Sharing [PDF] August 2004
Combining Cisco NetFlow Exports with Relational Database Technology for Usage Statistics, Intrusion Detection, and Network
Compelling Production of Hard Drives [PDF] Spring 2006
Complete Delete and other Patterns for Information Eradication [PDF Presentation] October 2005
Compliance and Computer Forensics [PDF] September 2005
Compliance, Response, and the Technology that Drives Them [PDF Presentation] October 2004
Computer & Insider Crime: Problems & Solutions [PP Presentation] February 2004
Computer & Network Forensics [PDF Presentation] August 2005
Computer & Network Forensics [PP Presentation] 2002
Computer & Network Forensics; Best Practices and Lessons Learned [PP Presentation]
Computer and Network Forensics (CNF) Project Homepage
Computer and Network Forensics as an Integral Component of the Information Security Enterprise [PP Presentation] 2003
Computer and Network Investigations [PP Presentation] September 2005
Computer Based Forensics - A Case Study - U.S. Support to the U.N. [PDF Presentation] November 1996
Computer Cop Prophile
Computer Crime & the Use of Computers in Crime
Computer Crime and Computer Fraud [PDF] Fall 2004
Computer Crime and Forensics [PP Presentation] February 2003
Computer Crime Investigation & Computer Forensics [PDF]
Computer Crime Investigation and Computer Forensics
Computer Crime Investigations: A Lo-Tech Practical Approach [HTML and PP Presentation versions] October 2000
Computer Crime Investigator's Toolkit January 2001 Parts I, II, III and IV
Computer Crime Manual (excerpt) [PDF] January 2005
Computer Crime Point-of-Contact (CCPC) list A list of people responsible for investigating and prosecuting cybercrime in their p
Computer Crime, Response and Investigation [PP Presentation] 2002
Computer Crimes and Digital Evidence [PP Presentation] 2002 (from
Computer Discovery and Risk Control: What’s Lurking on Your Computer System? (Pages 10 - 18) [PDF] 2001
Computer Evidence - Collection and Preservation and Submission [PDF Presentation] October 2005
Computer Evidence [PDF] December 2001
Computer Evidence Comes Of Age
Computer Evidence May 2001
Computer Evidence Processing
Computer Evidence Processing Step 1 -- Seizure of the Computer
Computer Evidence Processing Steps
Computer Forensic - A Technological Perspective [PDF] March 2002
Computer Forensic Guidance [PDF]
Computer Forensic Investigation for XYZ Company [PDF] July 2005
Computer Forensic Investigation Standard Operating Plan [PDF] September 2005
Computer Forensic Investigations [Presentation in PDF] 2002
Computer Forensic Legal Standards and Equipment [PDF] December 2001
Computer Forensic Resources
Computer Forensic Science: A Methodology [Word Document] 2001
Computer Forensic Software in a Corporate Environment [PDF] June 2003
Computer Forensic Text Analysis with Open Source Software [PDF] June 2003
Computer Forensic Tool Testing at NIST
Computer Forensic Tools [PP Presentation] June 2004
Computer Forensics
Computer Forensics - (What You Don’t Know Can Hurt You!) [PDF Presentation] June 2003
Computer Forensics - A digital approach to Investigating Computer Crime [PDF Presentation] 2004
Computer Forensics – An Introduction [PP Presentation] December 2002
Computer Forensics - An Overview [PDF] February 2001
Computer Forensics - As part of a security incident response plan [PDF Presentation] June 2005
Computer Forensics - Detecting the Imprint [PDF] August 2002
Computer Forensics - Digging with a Digital Shovel [PDF] April 2005
Computer Forensics - Digging with the Digital Shovel [PP Presentation] 2006
Computer Forensics - Electronic Evidence
Computer Forensics - Handling an Incident [PDF Presentation] June 2005
Computer Forensics – Hiding in Plain Sight [PDF Presentation] November 2005
Computer Forensics - Integrating Technical and Procedural Tasks [PDF Presentation] November 2003
Computer Forensics - Problems and Solutions [PDF Presentation]
Computer Forensics - The FAQs, the Do’s and the Don’ts [HTML-framed Presentation]
Computer Forensics - The Legal Side of Incident Response [PP Presentation] April 2004
Computer Forensics - The Need for Diverse Tools [PP Presentation] March 2004
Computer Forensics – We’ve Had an Incident, Who Do We Get to Investigate? [PDF] March 2002
Computer Forensics "Top 10 List" - Things to Avoid [PDF Presentation]
Computer Forensics & Electronic Discovery [PDF Presentation]
Computer Forensics & Electronic Evidence [PP Presentation] September 2005
Computer Forensics & Ethical Hacking [PP Presentation] February 2004
Computer Forensics (presentation slides and notes) October 2000
Computer Forensics [and Divorce] [Word document] 2002
Computer Forensics [PDF Presentation]
Computer Forensics [PDF Presentation] 2003
Computer Forensics [PDF Presentation] August 2003
Computer Forensics [PDF Presentation] February 2005
Computer Forensics [PDF Presentation] June 2003
Computer Forensics [PDF Presentation] May 2005
Computer Forensics [PDF Presentation] November 2002
Computer Forensics [PDF Presentation] November 2005
Computer Forensics [PDF] April 2002
Computer Forensics [PDF] December 2001
Computer Forensics [PDF] January 2001
Computer Forensics [PDF] January 2005
Computer Forensics [PDF] March 2002
Computer Forensics [PDF] May 2001
Computer Forensics [PDF] November 2002
Computer Forensics [PP Presentation]
Computer Forensics [PP Presentation] 2002
Computer Forensics [PP Presentation] August 2000
Computer Forensics [PP Presentation] June 2002
Computer Forensics [PP Presentation] June 2005
Computer Forensics [PP Presentation] May 2005
Computer Forensics [PP Presentation] September 2001
Computer Forensics [PP Presentation] September 2003
Computer Forensics [Zipped PDF] September 2002
Computer Forensics 101 & Incident Response [PDF] October 2003
Computer Forensics 101 [PDF Presentation] 1999
Computer Forensics 101 [PDF Presentation] 2000
Computer Forensics 101 [PDF Presentation] 2001
Computer Forensics 101 [PDF Presentation] 2002
Computer Forensics 101 [PP Presentation] April 2004
Computer Forensics 101 [PP Presentation] May 2004
Computer Forensics Analysis
Computer Forensics Analysis Class Handouts August 1999
Computer Forensics Analysis October 2000 A step-by-step analysis of a compromised Unix box, detailing commands and switc
Computer Forensics and Cyber Investigations [PDF Presentation] 2004
Computer Forensics and Electronic Discovery [PDF Presentation] August 2006
Computer Forensics and Electronic Evidence--Reconstructing What Happened [PP Presentation] April 2005
Computer Forensics and First Response [PDF Presentation] April 2005
Computer Forensics and Privacy
Computer Forensics and the Arrest of BTK [PDF Presentation] November 2005
Computer Forensics and the ATA Interface [PDF] February 2005
Computer Forensics and the Law of Evidence (Hong Kong) [PP Presentation] May 2003
Computer Forensics Applied to Windows NTFS Computers [PDF] April 2005
Computer Forensics article (No title given) September 1997
Computer Forensics article September 1997
Computer Forensics as a Tool for Criminal Investigation [PDF Presentation] March 2004
Computer Forensics as an Integral Component of the Information Security Enterprise [PDF]
Computer Forensics Course Development [PP Presentation] April 2005
Computer Forensics Course Syllabus
Computer Forensics Education [PDF] July/August 2003
Computer Forensics for a Computer-based Assessment: The Preparation Phase [Abstract & PDF] June/July 2005
Computer Forensics for Attorneys [Presentation]
Computer Forensics for ISPs (20MB PDF file) [PDF Presentation] 2004
Computer Forensics For Law Enforcement [PDF] June 2006
Computer Forensics for Lawyers Who Can’t Set the Clock on their VCR
Computer Forensics for Litigation Support [PDF Presentation] May 2005
Computer Forensics for Non profits [PDF Presentation] May 2006
Computer Forensics Gear August 2001
Computer Forensics Glossary [PDF]
Computer Forensics in a LAN Environment [PDF] 1999
Computer Forensics in Litigation [PP Presentation] December 2005
Computer Forensics in Private Industry [PDF Presentation] November 2005
Computer Forensics in the 21st Century [PDF Presentation] June 2006
Computer Forensics in the Academic Environment [PDF Presentation] October 2004
Computer Forensics in the Campus Environment [PP Presentation] October 2005
Computer Forensics in the Classroom [PPT Presentation] 2006
Computer Forensics in the Global Enterprise [PDF] 2003
Computer Forensics in the Inspector General Environment [PDF Presentation
Computer Forensics in Virginia [PDF Presentation] September 2004
Computer Forensics JumpStart (Sample Chapter)
Computer Forensics Lab Investigation Report [Word doc] 2005
Computer Forensics Laboratory and Tools [PDF] June 2005 (Requires registration)
Computer Forensics Manual
Computer Forensics Methodologies [PDF Presentation] May 2005
Computer Forensics Methodologies for Fraud Investigations [PP Presentation] October 2005
Computer Forensics October 2002
Computer Forensics Part 1: An Introduction to Computer Forensics [PDF] April 2004
Computer Forensics Part 2: Best Practices [PDF] May 2004
Computer Forensics Primer [PDF Presentation] November 2003
Computer Forensics Procedures and Methods [PDF] 2005
Computer Forensics Processing Checklist [PDF]
Computer Forensics Reveals a Whole New Universe of Discoverable Information October 2001
Computer Forensics Search & Seizure: Challenges in Academe [PDF] February 2005
Computer Forensics Search and Seizure: Challenges in the Academe -An Update [PDF Presentation] October 2005
Computer Forensics Security Presentation [PP Presentation] November 2003
Computer forensics software, an introduction September 2004
Computer forensics tips help you monitor investigations September 2002
Computer Forensics, Investigations and Security
Computer Forensics: A Critical Need for Computer Science Programs (Requires purchase) [PDF] 2005
Computer Forensics: A Critical Process in Your Incident Response Plan [PP Presentation] July 2001
Computer Forensics: an approach to evidence in cyberspace [PDF]
Computer Forensics: An Emerging Practice in the Battle Against Cyber Crime [PDF] May 2003
Computer Forensics: an introduction 1997
Computer Forensics: An Issue of Definitions [PDF] 2003
Computer Forensics: Are Your Computers Free from Attacks and Problems? July 2005
Computer Forensics: Beyond the Buzzword [PDF] August 2002
Computer Forensics: Chain of Evidence Collection Tools Does Matter (page 3) [PDF] August 2005
Computer Forensics: Evidence Handling & Management [PDF - from] September 2002
Computer Forensics: Forensic Data Diving Using the Linux Operating System [PDF] July 2001
Computer Forensics: How to be a Cybercrime Detective [PDF Presentation] 2003
Computer Forensics: Incident Response Essentials 2001
Computer Forensics: Introduction to Incident Response and Investigation of Windows NT/2000 [PDF] December 2001
Computer Forensics: Meeting the Challenges of Scientific Evidence [PDF] December 2004
Computer Forensics: Overview [PDF Presentation] 2003
Computer Forensics: The Investigator's Perspective [PP Presentation] September 2000
Computer Forensics: The Issues and Current Books in the Field January 2002
Computer Forensics: The Key to Solving the Crime [PDF] October 2001
Computer Forensics: The Need for Standardization and Certification [PDF] Fall 2004
Computer Forensics: Toward Creating a Certfication Framework [PDF or PS] May 2005
Computer Forensics: Tracking the Cyber Vandals [PDF] October 2002
Computer Forensics: Training and Education [PDF]
Computer Forensics: What is Metadata, Why is it Significant, and How do you Deal with it? [PDF] September 2004
Computer Forensics; Collection, Analysis and Case Management using ProDiscover [Presentation in PDF] 2003
Computer Forensics; What You Need to Know [PDF Presentation] October 2004
Computer Incident Investigations: e-forensic Insights on Evidence Acquisition [PDF] May 2004
Computer Incident Response and Computer Forensics Overview [PDF] March 2001
Computer Intrusion Investigation Guidelines January 2001
Computer Investigations Computer Investigations in the UC System [PDF] February 2005
Computer Misuse Act of 1990 cases (with links to related articles)
Computer Search and Seizure Guidelines [PDF] Fall 2000
Computer Searches
Computer Searches and Seizures: Some Unresolved Issues March 2002
Computer Security Incident Response Guide December 2001
Computer Security Incident Response Planning [PDF] May 2001
Computer Security Incident Response Procedures: Do You Need One? You Bet You Do! [PDF] January 2005
Computer Sleuth - Beating down the evidence trail with computer forensics [PDF] April 2003
Computer Under the Microscope Images
Computer-Based Discovery and Risk Control [PDF Presentation] May 2004
Computer-Forensic Privacy Tools: A Forensic Evaluation [PDF] June 2005
Computer-Mediated Communications and Criminal Evidence [PDF] March 1999
Computer-Related Crime Impact: Measuring the Incidence and Cost [PDF] December 2003
Computers are like Filing Cabinets… Using Analogy to Explain Computer Forensics 2002
Computers Forensics [PP Presentation] June 2002
Computers hinder paper shredders February 2002
Computing forensics: a live analysis [PDF Presentation] April 2005
Conducting an Incident Post Mortem [PP Presentation] November 2003
Conducting Incident Post Mortems [PDF] April 2003
Conducting Investigations in Today's Electronic World [PDF Presentation] August 2005
Conference Proceedings: 1999 - 2002
Contacting Host Owners 2004
Content-Based Image Retrieval for Digital Forensics [PDF] February 2005
Cookie Dethroning.::DEMYSTIFIED Part A [PDF] October 2005
Cookie Dethroning.::DEMYSTIFIED Part B [PDF] October 2005
Cops Are from Mars, Sysadmins Are from Pluto: Dealing with Law Enforcement [PDF]
Copy, Paste and Reveal [PDF] February 2006
Coroner's Toolkit: An Introduction [PP Presentation]
Corporate Forensics Toolkit [PP Presentation] April 2004
Correlating Evidence [PP Presentation] August 2000
Correlating Log File Entries [PDF] November 2000
Correlation of complex evidences and link discovery [PDF] January 2003
Covert Channel Forensics on the Internet: Issues, Approaches, and Experiences [PDF] February 2006
Covert Channels: A Never Ending Challenge for Forensic Examiners [PDF Presentation] November 2003
Cracking the Cracking April 2002
Cracking Windows 2000 And XP Passwords With Only Physical Access [Word doc]
Craiger's Cyberforensic Commandline Cheatsheet (C4) [PDF] 2005
Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications [PDF] August 2006
Creating a Computer System Incident Response Team [PP Presentation] July 2001 (from
Creating a Forensic Computer System: Basic Hardware and Software Specifications [PDF] August 2006
Creating A Forensic Computer System: Basic Hardware and Software Specifications [PDF] Updated July 2004
Creating an Incident Response Team [PP Presentation] April 2003
Creating Hash Sets Manually [PDF]
Criminal Computer Intrusion Unit [PDF Presentation] August 2005
Criminal Forensic Investigations Use of Supportive Presentation Tools In a Successful Investigation [PDF] May 2004
Criminal forfeiture and restriction-of-use orders in sentencing high tech offenders October 2004
Criminal Investigations in an Automated Environment [PDF] 1997
Cross-Drive Analysis and Forensics [PDF] November 2005
Cross-examination of the Computer Forensic Expert
Cross-Examination of the Computer Forensics Expert [PDF] 2004
Cryptography and Evidence [PDF]
CSI For The Home PC [PDF] 2004
CSI/FBI Computer Crime and Security Survey [PDF] 2005
CSI: Cyberspace Investigations, Evidence, And Forensics in the Digital World [PP Presentation] September 2005
CTOSE Project Results [PDF] October 2003
Cyber Attack Investigative Tools and Techniques [PP Presentation] May 2003
Cyber Crime and Cyber Terrorism [PDF] April 2002
Cyber Crime and E Cyber Crime and E-commerce [PDF] Discusses DESK : Digital Evidence Search Kit
Cyber Crime and the Courts - Investigation and Supervising the Information Age Offender [PDF] September 2001
Cyber crime and the Law; Where the Net meets the Node [HTML and PP Presentation] March 2000
Cyber Crime Evidence (Computers)
Cyber Crime: Labs and Investigations [PDF Presentation] 2003 (from
Cyber Crime: The Next Challenge An Overview of the Challenges Faced by Law Enforcement While Investigating Computer C
Cyber Crime: Theft of a Trade Secret [PDF Presentation] February 2004
Cyber Crimes & Cyber Forensics [PP Presentation] September 2005
Cyber Crimes [PP Presentation] May 2006
Cyber detectives: Collecting evidence for web crimes [PP Presentation] July 2002 (from
Cyber Evidence Collection..a Major Challenge to Law Enforcement in India January 2003
Cyber Forensics - Challenges and Tools [PP Presentation] 2005
Cyber Forensics - Challenges, Techniques and Tools [PP Presentation] 2005
Cyber Forensics - Intermediate Topics [PDF Presentation] August 2006
Cyber Forensics - The Basics [PDF Presentation] August 2006
Cyber Forensics - Windows Remnants [PDF Presentation] August 2006
Cyber Forensics [PP Presentation] February 2005
Cyber Forensics and C-DAC’s Forensic Tools [Word doc] 2005
Cyber Forensics Tools [PP Presentation] 2005
Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes.Table of contents an
Cyber Forensics: A Military Operations Perspective [PDF] Summer 2002
Cyber Forensics: Are We There Yet? [PP Presentation] 2004
Cyber Forensics: Find Out What You Are Missing [PP Presentation] February 2005
Cyber Investigations [PP Presentation] October 2005
Cyber Security - the Laws that Protect your Systems and Govern Incident Response [PP Presentation] April 2003
Cyber Security Incident Response/Forensic Awareness for Managers [PP Presentation] 2003
Cyber Security Incident Response/Forensic Awareness for System Administrators [PP Presentation] 2003
Cyber Security Incident Response/Forensic Awareness for Users [PP Presentation] 2003
Cyber Security Tips New tips added regularly
Cyberclues - Making the Case for Using Computer Evidence September 2002
Cybercop April 2002
Cybercrime – Challenges to Enforcement of IPR [Word Document] (from
'Cyber-Crime & Digital Evidence' Seminar Materials [Several PDFs] November 2005
CyberCrime [HTML-framed Presentation] September 2001
Cybercrime and Computer Forensics [PDF Presentation] November 2005
Cybercrime and Computer Related Forensic Investigations [PP Presentation]
Cybercrime at Packet-Level Part 1 [PDF Presentation] October 2002
Cybercrime at Packet-Level Part 2 [PDF Presentation] October 2002
Cybercrime forensics [Zipped PS] 2003
Cybercrime in Canada [PDF Presentation] February 2005
Cybercrime in New Network Ecosystem: Vulnerabilities and New Forensic Capabilities [PDF] March 2004
Cybercrime: Incident Response and Digital Forensics
Cybercrime: Supporting Cyber Sleuths July 2001
Cybercrime: The Internet as a Crime Scene
Cyber-Criminals and Data Sanitization: A Role for Forensic Accountants [PDF] Summer 2005
Cyber-Investigation on Cyber-Crime [PDF Presentation] July 2001
Cybersleuthing for People Who Can't Set the Clock on Their VCR [PDF] 2003
Cybersleuthing solves the case January 2002
Cybersleuthing: A Guide to the Essentials of Computer Discovery [PDF Presentation] April 2005
Cyberspace Detectives Employ Intrusion Detection Systems and Forensics
Cyberstalking Investigation and Prevention
Data Archiving [PDF] April 2006
Data Capture..key challenge in Cyber Evidence Management January 2003
Data Disposal - Gone for Good [PDF Presentation] 2006
Data Disposal - Gone for Good [PDF Presentation] Fall 2005
Data Evidence Findings [PDF] April 2006
Data Forensics - The smoking gun may be a click away September 2004
Data Forensics [PDF] October 2003
Data Forensics for Legal Professionals [PP Presentation] March 2006
Data Forensics: "Analyzing the Tracks of an Intruder" or "Analyzing Administrative Responses to Log Anomolies" [PDF Presen
Data Forensics: In Search of the Smoking Gun March 2005
Data Forensics:. A Case for Routine Implementation [PDF Presentation] June 2005
Data Hiding and Recovery [PDF] April 2003
Data Hiding in Journaling File Systems [PDF] August 2005
Data Hiding on a Live System [PP Presentation] January 2004
Data Hiding Tactics for Windows and Unix File Systems May 2006
Data Integrity Within Computer Forensics [PDF] April 2006
Data Loss Causes
Data Mining Email April 2004
Data Mining Used Hard Drives - Thread started January 2003
Data Recovery [PP Presentation] May 2003
Data Recovery Software Tools: Today and the Future [PDF Presentation] September 2005
Data Reduction - Refining the Sieve [PDF] February 1996
Data Reduction For Streamlining E-Discovery [PDF Presentation] July 2004
Data Remanence in Semiconductor Devices August 2001
Data Validation Using The Md5 Hash
Database Forensics [PDF] April 2002
Database Record Extraction
Date, Time, and Time Zone Examination [PDF] April 2003
Day 3 : Computer Forensics I (On-line inspection)
Day 4 : Computer Forensics II (Off-line inspection)
DD and Computer Forensics - Deuce April 2001
DD and Computer Forensics August 2000
Decoy Systems: A New Player in Network Security and Computer Incident Response [PDF] Winter 2004
Defeating Forensic Analysis [PDF Presentation] May 2006
Defeating Forensic Analysis on Unix July 2002
Defeating Live Forensics in the Windows Kernel [PP Presentation] June 2006
Defend I.T.: Security by ExampleChapter 15 - Executive Fraud (Select Sample Chapter) [PDF] May 2004
Defending Against Misuse of Forensic Analysis Tools on Windows Systems [PDF] January 2004
Defending Cyber-Crime [PP Presentation] (from
Defensive Battle Stations In Network-Centric Warfare: Rapid-Response Cyber Forensics [PP Presentation] October 2003
Defining Digital Forensic Examination & Analysis [PP Presentation]
Defining Digital Forensic Examination and Analysis Tools [PDF] August 2002
Defining Event Reconstruction of Digital Crime Scenes [PDF] November 2004
Deleted files can be recovered 2006
Deleting Sensitive Information: Why Hitting Delete Isn’t Enough [PDF] March 2002
DERBI: Diagnosis, Explanation and Recovery from Computer Break-ins [PDF] January 2001
Design and Development of a Distance Education Paradigm for Training Computer Forensic Examiners December 1999 (from
Design and Implementation of a Remote Forensics System [PDF] May 2005
Design and Implementation of Zeitline: a Forensic Timeline Editor [PDF] August 2005
Design of a Digital Forensics Image Mining System [PDF] October 2005
Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation [PDF] November 2003
Designing a Computer Forensics Course for an Information Assurance Track [PDF] June 2004
Designing and Implementing a Computer Forensics Curriculum and Exercises [PDF Presentation] September 2005
Destroying Data ... is it possible April 2006
Detecting & Collecting Whole Disk Encryption Media [PDF Presentation] June 2005
Detecting and Removing Trojans and Malicious Code from Win2K September 2002
Detecting false captioning using common-sense reasoning [PDF] August 2006
Detection and Investigation of Compromised Hosts on Campus Networks [PDF Presentation] April 2006
Developing a Computer Forensics Team [PDF] July 2001
Developing a Framework for Evaluating Computer Forensic Tools [PDF] March 2003
Developing a Response Plan for Computer Forensics February 2002
Developing Computer Forensics Solutions for Terabyte Investigations [PDF Presentation] January 2005
Developing Corporate Policies in Support of Computer Forensics [PDF] July 2003
Development of a zero skills forensic laptop registration and identification tool [PDF] July 2005
Dialing for Evidence [PDF] Jan/Feb 2006
Digging for computer dirt April 2002
Digging Into Unlawful Email Messages [PP Presentation] September 2005
Digital "Evidence" May Not Be "Evidence" At All [PDF - Scroll down] February 2004
Digital Anti-Forensics: Emerging trends in data transformation techniques [PDF] May 2005
Digital Anti-Forensics: Real World Identification, Analysis & Prevention [PDF Presentation] July 2005
Digital Audit Trails and Their Importance in Computer Crime Investigations [PDF Presentation w/ notes] June 2003
Digital Data in the Enterprise: Do You Have it Under Control? [PDF Presentation] May 2006
Digital Discovery with Linux Bootable CDs [PDF Presentation] 2005
Digital Discovery: It’s more than email [Zipped PDF Presentation]
Digital Evidence & Computer Forensics [PDF Presentation] November 2004
Digital Evidence [PP Presentation] 2004
Digital Evidence Acceditation Winter 2004
Digital Evidence Acceditation: Part 2 February/March 2005
Digital Evidence and Computer Crime (Sample Chapters)
Digital Evidence Collection and Handling
Digital Evidence Collection Worksheet [RTF document]
Digital Evidence Impact on Investigations and Audits [PP Presentation] December 2003
Digital Evidence in Internet Time [PP Presentation] (from
Digital Evidence in Internet Time [Word Document] (from
Digital evidence obfuscation: recovery techniques [PDF] 2005
Digital Evidence Standards [PP Presentation] November 1999
Digital Evidence: Emerging Problems in Forensic Computing [PDF Presentation]
Digital Evidence: Emerging Problems in Forensic Computing [PP Presentation] May 2002
Digital Evidence: Standards and Principles April 2000
Digital Evidence: The Moral Challenge [PDF] Spring 2002
Digital Footprints: Assessing Computer Evidence [PDF] 2000
Digital Forensic [PDF] January 2004
Digital Forensic Analysis of E-Mails: A Trusted E-Mail Protocol [PDF] Spring 2004
Digital Forensic Reconstruction and the Virtual Security Testbed ViSe 2006
Digital Forensics - A Primer [PP Presentation] January 2005
Digital Forensics - Finding information that has been lost... [PDF Presentation] April 2004
Digital Forensics - Using Perl to Harvest Hash Sets [HTML Slideshow] June 2004
Digital Forensics [PDF Presentation] March 2006
Digital Forensics [PDF Presentation] May 2006
Digital Forensics [PDF Presentation] November 2003
Digital Forensics [PP Presentation] October 2005
Digital Forensics and Corporate Investigations [PDF Presentation & MP3] March 2006
Digital Forensics and Information Assurance - Education and Research [PDF] December 2003
Digital Forensics at a University [PDF Presentation] October 2005
Digital Forensics Curriculum Consortium [Word docs] 2006
Digital Forensics Laboratory Projects [PDF] May 2006 [Free - Registration Required]
Digital forensics of the physical memory [PDF] March 2005
Digital Forensics Research [PDF] June 2005
Digital Forensics Research in the United States [PDF] March 2006
Digital Forensics Using Hashsets - National Software Reference Library [HTML Slideshow] June 2004
Digital Forensics using Linux and Open Source Tools [PDF Presentation] September 2005
Digital Forensics: A Case Study April 2005
Digital Forensics: Crime Seen
Digital Forensics: Exploring Validation, Verification & Certification [PDF] August 2005
Digital Forensics: Sleuthing on Hard Drives and Networks [PDF] December 2005
Digital Forensics: Storage Media Primer
Digital Fraud Examination [PDF] 2005
Digital Imaging Procedure v1.0 [PDF] March 2002
Digital Incident Response, Forensics and Sanitization [PDF Presentation] July 2004
Digital Information, User Tokens, Privacy and Forensics Investigations: The Case of Windows XP Platform [PDF Presentation]
Digital Investigations and the Modern Legal Landscape [PDF Presentation] November 2005
Digital Media Forensics May 2000
Digital Media Investigations [PDF Presentation] August 2005
Digital Media Storage -- Facilities and Procedures [PDF] March 2005
Digital Music Device Forensics [PDF or PS] May 2005
Digital Photographs (in the courtroom) [PP Presentation]
Digital Privacy Considerations With the Introduction of EnCase Enterprise [PDF] 2003
Digital Search and Seizure [PDF] February 2006
Digital trail led to accused spy
Digital Warrants Language for a proposed California law dealing with computer search warrants.
Digitalevidence Integrated Management System [PDF] 2004
DIPL: The Digital Investigation Process Language [PP Presentation] November 2003
Directors & Corporate Advisors' Guide to Digital Investigations and Evidence [PDF] September 2005
Directors and Corporate Advisors’ Guide to Digital Investigations and Evidence [PDF] September 2005
Disabling Wireless Networks for Law Enforcement [PDF] June 2005
Disaster Recovery Planning with a Focus on Data Backup/Recovery [PDF] January 2001
Discovering passwords in the memory [PDF] November 2003
Discovering Relationships in Context: Inductive tools for forensic computing [PDF] June 2006
Discovery of Electronic Mail: The Path to Production [PDF] 2005
Discusses Alternate Data Streams
Discusses The Coroners Toolkit
Discusses Zert, a tool which allows you to image mobile phones and PDAs, produced by the Netherlands Forensic Institute (ht
Disk Cloning [PDF] Revised January 2005
Disk Forensics (using PyFlag) January 2005
Disk Sanitization and Cross Drive Forensics [PDF Presentation] September 2005
Dissecting Distributed Malware Networks [PP Presentation]
Dissecting NTFS Hidden Streams July 2006
Distributed Attacks and CISCO Net Flow Logs [PDF Presentation]
Distributed Cyber Forensics (pages 10-13) [PDF] Spring 2004
Do You Leave Sensitive Data Lying Around? November 2004
Documents and Meeting Materials 2004 - 2006
Dodging the Bullet: Cross-Examination Tips for Computer Forensic Examiners [PDF] 2005
DOE Cyber Forensics Laboratory: Program Briefing [PP Presentation] 2003
Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence [PDF] November 2004
Dos and Don’ts for Digital Evidence June 2005
Do's and Don'ts of Forensic Computer Investigations September 2004
Downloading: Using Computer Software as an Investigative Tool June 1996
Downloads - Forms and Checklists
Downloads, Logs and Captures: Evidence from Cyberspace [PDF] 2000
Drive Math [Zipped Word Document] February 2002
Drive Translation (and second article AOL ART Files) [From] March 2000
Dusting for digital fingerprints [Word document] March 2005
Dynamic Time & Date Stamp Analysis [PDF] June 2002
eBanking Forensics
ECF - Event Correlation for Forensics [PDF] 2003 [PDF] Winter 2005
eDiscovery Combining Forensics with Data Management: Applying the “Key Players” concept of Zubulake [PDF Presentation]
e-Evidence Standard: Proving the integrity, reliability, and trust on electronic records [PDF] June 2002
Effective Data Searches [PDF] 2001
Effective Incident Response Teams: Two Case Studies [PP Presentation] April 2005
Efficient log authentication for Forensic Computing [PDF Presentation] June 2005
Electronic Crime - its not only the big end of town that should be worried [PDF] 2004
Electronic Crime: Trends, Collection, Analysis [PP Presentation] 2005
Electronic Data Discovery and Data Forensics - The Identification and Collection of Electronic Files [PDF Presentation] April 20
Electronic Data Discovery and Data Forensics [PDF Presentations] 2004
Electronic Data Discovery Unleashed [PDF]
Electronic Discovery [PDF Presentation] October 2005
Electronic Discovery and Computer Forensics [PDF] January 2004
Electronic Document Discovery: A Powerful New Litigation Tool
Electronic Evidence - Gathering and Presenting Electronic Data for Evidentiary Purposes [PP Presentation] October 2002
Electronic Evidence and Computer Forensics [PDF] October 2003
Electronic Evidence and Computer Forensics [PP Presentation] February 2004
Electronic evidence discovery: From high-end litigation tactic to standard practice [PDF] September 2000
Electronic Evidence in Criminal Defense [PDF Presentation] March 2006
Electronic Fingerprints: Computer Evidence Comes of Age
Electronic Forensics Education Needs of Law Enforcement [PDF] June 2004
Electronic Forensics May 2000
Email and Web Site Tracing [PDF Presentation] August 2005
E-mail and WWW browsers: A Forensic Computing Perspective on the Need for Improved User Education for Information Syst
E-Mail Discovery in Civil Litigation: Worst Case Scenarios vs. Best Practices [PDF] April 2004
Email Forensics - Who has user X been communicating with April 2005
Email Forensics [PP Presentation]
Email Tampering - This Time, The Good Guys Won [PDF] January 2002
Email traffic patterns can reveal ringleaders March 2003
E-mailed Death Threats: A Case Study... [PDF]
Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations [PDF Presentation
Emerging Problems in Forensic Computing [PP Presentation] May 2004
Emerging Technology: Taking A Byte Out Of Crime February 2001
ENCASE - A forensic computing utility that does it all (from
EnCase Base64 Processing
EnCase Computer Forensics--The Official EnCE : EnCase Certified Examiner Study Guide
Encase Decryption System [PDF]
EnCase Forensic Evidence Acquision and Analysis [PDF] June 2000
EnCase Test and Tutorial (from
Encase Version 5 Presentation [PDF Presentation] June 2006
EnCase: A Case Study in Computer-Forensic Technology [PDF] January 2001
Encountering Encrypted Evidence (potential) [PDF] June 2002
Encryption: Impact on Law Enforcment June 1999
Enforcement Techniques - Chapter 3 -Digital Evidence Gathering [PDF] April 2006
Enforcement Techniques - Chapter 3 -RFID Towards Digital Evidence [PDF Presentation] January 2006
Enscript v3 Tutorials
Ensuring the Reliability and Admissibility of Digital Evidence [PP Presentation] November 2004
Enterprise Forensics - Changing the Forensic Paradigm… [PDF Presentation] November 2005
Enterprise Investigations: Tools and Techniques [PDF Presentation] 2005
Error, Uncertainty and Loss in Digital Evidence [PDF] June 2002
Error, Uncertainty, and Loss in Digital Evidence [PP Presentation] February 2003 (from
E-Sleuthing and the Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital Age: Part I [PDF - Local copy] Fe
E-Sleuthing and the Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital Age: Part II [PDF - Local copy] M
E-Sleuthing and the Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital Age: Part III [PDF - Local copy] A
Ethereal: Analysis on a Budget [PDF Presentation] May 2005
Evaluating Commercial Counter-Forensic Tools [PDF] August 2005
Evaluating the Capacity to Respond to E-Crime [PDF] 2000
Evaluation of Intelligent Intrusion Detection Models [PDF] Summer 2004
Event Data Recorder Case Law
Event Sequence Mining to Develop Profiles for Computer Forensic Investigation Purposes [PDF] 2006
Everything You Need to Know About the Destruction of Information on Computer Hard Drives [PDF Presentation] May 2006
Everything You Wanted to Know About Email Discovery, But Were Afraid to Ask [PDF] 2001
Everything Your Mother Should Have Told You About Write Blockers [PDF Presentation] June 2006
Evidence Collection and Data Seizure
Evidence Discovery in a Digital World [PP Presentation] February 2004 (from
Evidence Enhancing Technology - Bridging the Techno-Legal Gap with Secure Audit Logging [PDF] December 2003
Evidence gathering tools
Evidence investigation tools
Evidence on the Internet [RTF doc]
Evidence Preservation
Evidence Processing: Computer Autopsy
Evidence Seizure Methodology for Computer Forensics September 2000
Evidence With A Byte [PDF] 2002
Evidentiary Authentication Within the EnCase Enterprise Process [PDF] June 2003
Evidentiary Benefits of Write Once-Read Many ("WORM") Optical Disk Storage for Records Management [PDF] August 2000
Evidentiary Considerations for Collecting and Examining Hard-Drive Media [PDF] November 2001 (from
Evidentiary Value of Link Files March 2006
EWF Specification [PDF] 2006 Expert Witness Compression Format specification
Examination of Computer-Resident Evidence [PDF]
Examine a Unix Box for Possible Compromise
Examine a Unix Box for Possible Compromise 1999
Examining the Data - A beginners guide to computer-based evidence [PDF]
Examples of using DD within UNIX to Create Physical Backups
Excerpt from the News and Trends column of Security Management Online
Exchangeable Image File Format (ExIF) [PDF] October 2004
Exercise 1: Disk Imaging with Ghost
Exercise 2: Forensics with dd
Expert vs. Expertise: Computer Forensics and the Alternative OS July 2003
Expert Witness Compression Format Specification
Explanation of an IP Address Tracing [Word Document]
Exploring Data Generated by Computer Forensic Tools with Self-Organising Maps [PDF] February 2005
Ext2fs and forensics April 2006
Extending the Coroner's Toolkit via Aggregate Database [PDF] Spring 2004
Extracting Email IDs from IM Clients September 2002
Extracting forensic evidence from biometric devices [PDF] 2003
Extreme IP Backtracing [PP Presentation]
FAQ: Firewall Forensics (What am I Seeing?) June 2000
FARES: Forensic Analysis of Risks in Enterprise Systems [PP Presentation] June 2004
FastBloc (Guidance Software) Validation Document [PDF] July 2001
Fat/NTFS - The Wily Internals of Windows’s File Systems [PDF Presentation] November 2005
FATKit: Detecting Malicious Library Injection and Upping the “Anti” [PDF] July 2006
FBI Cyber Crime Program Philadelphia Division [PP Presentation] 2003 (from
FCCU GNU/Linux Forensic Boot CD [PDF Presentation] October 2005
Fight Crime and Improve Security with Data Mining [PP Presentation] February 2003
Fighting Cyber Crime in a Post-9-1-1 World: Yesterday, Today and Tomorrow [PP Presentation] April 2005
Fighting Online Software Piracy [PDF] August 2004
Fighting Online Software Piracy—What Works in 2005 [PDF] 2005
File Deletion in MS FAT Systems April 1999 (updated September 2002)
File Hound: A Forensics Tool for First Responders [PDF] August 2005
File Recovery Techniques December 2000
File Signatures Table
File Type Identification of Data Fragments by Their Binary Structure [PDF Presentation] June 2006
Fileprints: Identifying File Types by n-gram Analysis [PDF Presentation] June 2005
Filesystem and network acquisition and analysis tools [PDF Presentation] November 2005
Find the Email Header (from
Finding Digital Evidence in Physical Memory [PDF Presentation] January 2006
Finding Gold in the Browser Cache [PDF Presentation] August 2006
Finding the Right Computer Forensic Expert [PDF] May 2004
Finding the Right Computer Forensics Expert
Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation [PDF] March 2006
Fingerprinting Your Files August 2004
Finite State Machine Analysis of a Blackmail Investigation [PDF] May 2005
FIRE: Forensic & Incident Response Environment [PP Presentation] November 2003
FIRESTORM: Exploring the Need for a Forensic Tool for Pattern Correlation in Windows NT Audit Logs [PDF] November 2002
Firms increasingly call on cyberforensics teams January 2002
First Responder - Collection and preservation of evidence [PDF Presentation] January 2005
First Responders Guide to Computer Forensics [PDF] March 2005
First Responders Guide to Computer Forensics: Advanced Topics [HTML & PDF] September 2005
First Responder's Manual [PDF] May 2001
First Responders: Training Scene of Computer Crime Investigators [PDF] June 2002
FLUX: A Forensic Time Machine for Wireless Networks [PDF Presentation] April 2006
FLUX: A Forensic Time Machine for Wireless Networks [PDF] April 2006
Footprints in the Sand: Fingerprinting Exploits in System and Application Log Files October 2002
Forensic Accounting - the recorded electronic data found on Computer Hard Disk Drives, PDAs and numerous other Digital De
Forensic acquiring and analysis [PDF] 2003
Forensic acquisition and analysis of magnetic tapes [PDF] February 2005
Forensic Acquisition Utilities Revised August 2004
Forensic Analysis [PDF] November 2002
Forensic Analysis for Unix-Based Operating Systems [PDF] October 2005
Forensic Analysis in a Digital World Spring 2002
Forensic Analysis of a Compaq RAID-1 Array and Using dd with EnCase v3 September 2002 (from
Forensic Analysis of a Compromised Mac OS X (Client) Machine May 2002
Forensic Analysis of a Live Linux System, Part One March 2004
Forensic Analysis of a Live Linux System, Part Two April 2004
Forensic Analysis of a Windows 95 System [PDF] April 2002
Forensic Analysis of Digital Evidence from Palm Personal Digital Assistants [PDF] Fall 2004
Forensic Analysis of File System Intrusions using Improved Backtracking [PDF] February 2005
Forensic Analysis of Hacking Cases [PDF Presentation] September 2003
Forensic Analysis of Internet Explorer Activity Files [PDF] Revised May 2003
Forensic Analysis of Microsoft Internet Explorer Cookie Files [PDF] May 2003
Forensic Analysis of Microsoft Windows Recycle Bin Records [PDF] Revised May 2003
Forensic Analysis of Mobile Phones [PDF] October 2005
Forensic Analysis of Risks in Enterprise Systems [PDF] 2004
Forensic Analysis of the Windows Registry [PDF] April 2006
Forensic Analysis of Volatile Data Stores [PDF Presentation] August 2006
Forensic analysis of Windows hosts using UNIX-based tools [PDF] July 2004
Forensic Analysis using FreeBSD - Part 1 October 2002 (from
Forensic Analysis with F.I.R.E. (GCFA Practical Assignment) [PDF] May 2003
Forensic Analysis Without an IDS: A Detailed Account of Blind Incident Response [PDF] January 2002
Forensic Analysis: Windows Forensic Toolchest (WFT) [PDF] Updated May 2005 GCFA Practical Discussing WFT
Forensic and Anti-Forensic Computing [PDF] December 2002
Forensic and Log Analysis GUI [PDF Presentation] April 2005
Forensic and Log Analysis GUI Tutorial [PDF Presentation] January 2006
Forensic Auditing: The Role of Computer Forensics in the Corporate Toolbox January 1999
Forensic Challenges - Windows Encrypted Content [PDF Presentation] April 2006
Forensic Checklist [PDF]
Forensic Computer Analysis [PP Presentation] April 2003
Forensic Computer Analysis: An Introduction July 2001
Forensic Computer and Cybercrime Investigations [PDF] December 2001 (from
Forensic Computer Examination
Forensic Computer Examinations for Small to Medium Size Businesses [PDF Presentation] September 2005
Forensic Computer Investigation Brings Notorious Serial Killer BTK to Justice [PDF] November 2005
Forensic Computer Investigations & Data Recovery [PDF Presentation] January 2003
Forensic Computer Investigations [PDF] December 2000
Forensic Computer Investigations [PP Presentation] January 2000
Forensic Computing [PDF Presentation]
Forensic Computing [PDF] 2004
Forensic Computing [PP Presentation] November 1999
Forensic Computing 2003
Forensic Computing and Digital Evidence [PDF Presentation] November 2005
Forensic Computing as applied to the current practice of Medicine September 2004
Forensic Computing from a Computer Security Perspective [PDF] June 2004
Forensic Computing Theory & Practice: Towards Developing a Methodology for a Standardised Approach to Computer Misuse
Forensic Computing within the Crime and Misconduct Commission [PDF] 2004 (from
Forensic Computing... [PP Presentation] April 2005
Forensic Computing: "Catch Me if you can" [PDF Presentation] September 2004
Forensic Computing: A look at evidence and how to handle it October 1997
Forensic Computing: An Introduction to the Principles and the Practical applications [PDF] April 2002
Forensic Computing: Developing a Conceptual Approach for an Emerging Academic Discipline [PDF] 2001
Forensic Computing: Developing a Conceptual Approach in the Era of Information Warfare [PDF] 2001
Forensic Computing: Developing Specialist Expertise within the CS Curriculum [PDF] June 2006
Forensic Computing: What is it? [PDF Presentation] August 2004
Forensic Dead-Ends: Tracing Users Through Anonymous Remailers [PP Presentation] July 2002
Forensic Detectives January 2002
Forensic Discovery
Forensic Discovery (The Book)
Forensic Discovery [PDF Presentation] April 2003
Forensic Discovery [PDF Presentation] August 2005
Forensic DiscoveryComputer Aided Forensics (Poster) [PDF] 2004
Forensic Disk Imaging Using Linux [PDF] July 2005
Forensic Duplication and Analysis Using Encase
Forensic evidence testimony — some thoughts [PDF] February 2004
Forensic Examination [PP Presentation] July 2002 (from
Forensic Examination of a RIM (BlackBerry) Wireless Device [PDF] June 2002
Forensic Examination of a RIM (BlackBerry) Wireless Device [PP Presentation] September 2002
Forensic Examination of Internet Activity [PDF] July 2001
Forensic examination of log files [PDF] January 2005
Forensic examination of mobile phones [PDF] 2004 Volume 1 Issue 4 - Registration required
Forensic extraction of electronic evidence from GSM mobile phones [PDF Presentation] 2001
Forensic feature extraction and cross-drive analysis [PDF] August 2006
Forensic Feature Extraction and CrossDrive Analysis [PDF] May 2006
Forensic Fieldwork: Experience Is the Best Teacher [PDF]
Forensic Footprints: Investigations in Cyberspace [PDF] 2004
Forensic Implications of Biometric Devices and future identification management systems [PP Presentation] August 2005
Forensic Implications of Identity Management Systems [PDF] January 2006
Forensic Inspection of Hard Disks August 2002
Forensic investigation and its relationship with information assurance and corporate governance [PDF] 2005
Forensic Investigation Case Studies and Results [PDF Outline] 2006
Forensic Investigation of Data in Live High Volume Environments [Word doc] 2005
Forensic IT Investigations [PP Presentation] May 2003
Forensic Lab Development [PP Presentation] March 2006
Forensic Methodologies: A Computer Forensic Professional’s Compass! [PDF]
Forensic Overview [PP Presentation] April 2006
Forensic Overview [PP Presentation] July 2005
Forensic Plan - A technical guide to aid in the preservation of digital evidence following a computer security incident [PDF] July
Forensic Preparation Secure Business Quarterly 2001 [PDF]
Forensic Procedures
Forensic Process and Tricks [Word document]
Forensic Readiness - CanSecWest Conference [PDF Presentation] March 2001 (from
Forensic Readiness (Whitepaper) [PDF] July 2001 (from
Forensic Readiness [PDF Presentation] February 2006
Forensic Relative Strength Scoring: ASCII and Entropy Scoring [PDF] Spring 2004
Forensic Software Maker Gets Tough on Computer Crime July 2004
Forensic Software Tools for Cell Phone Subscriber Identity Modules [PDF] April 2006
Forensic Software Tools for Cell Phones [PDF Presentation] June 2006
Forensic Techniques for Investigating Network Traffic [PP Presentation] July 2002
Forensic tools (Group Test) August 2004
Forensic Tools and Processes for Windows XP [PDF Presentation] 2003
Forensic Tools and Processes for Windows XP Clients [PDF Presentation] October 2002
Forensic UNIX Initial Response Script and CDROM – Collect the evidence that will be lost by disconnection or shutdown [PDF]
Forensic Vulnerability Discovery And Analysis [PP Presentation] August 2002
FORENSICS - Loadable Kernel Modules [PDF]
Forensics & Data Recovery [PDF Presntation] Fall 2005
Forensics (Procedures)
Forensics [PDF Presentation] December 2003
Forensics [PP Presentation] 2001
Forensics and Active Protection [PP Presentation] March 2003
Forensics and Data Recovery [PDF Presentation] September 2005
Forensics and Linux [HTML Presentation] July 2003
Forensics and Privacy-enhancing Technologies - Logging and Collecting Evidence in Flocks [Abstract] 2005
Forensics and Privacy-Enhancing Technologies [PDF] 2005
Forensics and the Emerging Importance of Electronic Evidence Gathering [PDF] November 2001
Forensics and the GSM Mobile Telephone System [PDF] Spring 2003
Forensics for Advanced UNIX File Systems [PDF] 2004
Forensics for Critical Information Infrastructure Protection [PP Briefing] August 2004
Forensics For System Administrators [PDF] August 2005
Forensics in Fifteen [Flash Presentation] March 2006
Forensics in Fifteen [PP Presentation] April 2006
Forensics in the Field – The art of developing a computer forensics field deployment kit [PDF Presentation] June 2006
Forensics Lite [PDF] November 2001
Forensics of a Windows system [PDF Presentation] September 2005
Forensics on the Windows Platform, Part One January 2003
Forensics on the Windows Platform, Part Two February 2003
Forensics Wiki February 2006
Forensics with Linux 101 or How to do Forensics for Free [PDF Presentation] July 2003
Forensics, Fighter Pilots and the OODA Loop: The Role of Digital Forensics in Cyber Command and Control [PDF] August 200
Forensics: Data Trails and Detection [PDF Presentation] February 2006
Forensics: What to do after the Break-In [PDF Presentation] May 2002
Forensik Toolkits [PDF] 2003 (in German)
Forensix: A Robust, High-Performance Reconstruction System [PDF] June 2005
Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine [PDF] August 2002
Formal Specification and Refinement of a Write Blocker System for Digital Forensics [PDF] November 2005
Formalisation of the Processing of Electronic Traces [PDF Presentation] June 2003
Formalising Event Time Bounding in Digital Investigations [PDF] Fall 2005
Formalizing Computer Forensic Analysis: A Proof-Based Methodology [PDF] 2004
ForNet: A Distributed Forensics Network [PDF Presentation] 2003
ForNet: A Distributed Forensics Network 2003
FORZA – Digital forensics investigation framework that incorporate legal issues [PDF] August 2006
FOSS Digital Forensics [PDF Presentation] June 2006
Foundations for Visual Forensic Analysis [PDF Presentation] June 2006
Foundations of computer forensics: A technology for the fight against computer crime [PDF] April 2005
FragFS: An Advanced Data Hiding Technique [PDF Presentation] January 2006
Free Tools for Investigating PC Hacks [PDF Presentation] November 2005
Freeware Forensics Tools for Unix November 2001
Freeware Forensics Tools November 2001
Frequently Asked Questions about The Coroner's Toolkit
From a Computer Forensics & Incident Response Perspective
From Events to Incidents [PDF] November 2001
from Gary Kessler's Homepage
FTP Attack Case Study Part I: The Analysis May 2002
FTP Attack Case Study Part II: The Lesson June 2002
Fundamentals of Storage Media Sanitation [PDF] June 2006
Gatekeeping Out Of The Box: Open Source Software As A Mechanism To Assess Reliability For Digital Evidence Fall 2001
GCFA Practical Assignment [PDF] September 2002
Geeks with Guns, or How I Stopped Worrying and Learned to Love Computer Evidence [PDF] October 2005
Gender-Preferential Text Mining of E-mail Discourse [PDF] 2002
General Guidelines for Seizing Computers and Digital Evidence
Generalising Event Forensics Across Multiple Domains [PDF] 2004
Generalizing sources of live network evidence [PDF] February 2005
Gentoo Linux Quick Install Guide for a Forensic Workstation [PDF] March 2004
Getting Physical with the Digital Investigation Process [PDF] Fall 2003
Getting to the Drive: Gaining Access to your Opponent’s Digital Media
Getting to the Drive: Gaining Access to your Opponent’s Digital Media [PDF]
Ghosts in the Machine (from
GMU2005 presentations [Zipped PP Presentations] August 2005
Good discussion of clusters, temp. files, deleted files, SLACK, etc.
Good Documentation Is Essential
Good Practice Guide For Computer based Electronic Evidence [PDF] v.3 - September 2003
Good Practice Guide For Computer Based Evidence [PDF] v.2 - June 1999
Good Practice Guide for Mobile Phone Seizure & Examination [Word doc] March 2006
Good to the Last Byte [PDF - Local copy] March/April 2004
Googling Forensics [PDF] September 2005
Got a Virus? Don’t Call a Doctor, Call a Cop Winter 2002
Guide for the preservation of computer based evidence following an unauthorised intrusion
Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response [PDF] August 2005
Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response [PDF] August 2005
Guidelines and Recommendations for Training in Digital & Multimedia Evidence [PDF] July 2004
Guidelines For Data Gathering And Forensics? - Thread started July 2001
Guidelines for Evidence Collection and Archiving July 2000
Guidelines for Media Sanitization [PDF] February 2006
Guidelines for the Best Practice in the Forensic Examination of Digital Technology [Word document] October 2003
Guidelines for the Handling and Seizure of Digital Evidence [PDF]
Guidelines for the Management of IT Evidence [PDF] March 2004
Guidelines for the Management of IT Evidence [PP Presentation] March 2004
Guidelines on Cell Phone Forensics [Draft] [PDF] August 2006
Guidelines on PDA Forensics [PDF] November 2004
Guidelines on PDA Forensics [PDF] November 2004
Hack and Counter-Hack - Active Forensics: Tracking that Intruder January 2001
Hackers, Crackers, E-Fraud & Forensics [PDF] May 2006
Hacking, Handling and Investigation Experience Sharing [PDF] January 2003
Hacking, Learning to Prevent it by Knowing more About it [Presentation] January 2000
Halcrow Group Ltd MIS Computer Forensic Procedures June 2002
Handbook of Computer Crime Investigation Sample Chapter [PDF]Additional Materials Related to the Book
Handheld Forensics [PDF Presentation] November 2005
Handheld Forensics: Palm and Beyond [PDF Presentation] June 2005
Handhelds give up secrets
Handling Crime in the 21st century
Handling Digital Evidence [PDF]
Handling Digital Evidence [PP & PDF Presentation] May 2005
Handling Digital Photographs for Use in Criminal Trials [PDF] May 2004
Handling evidence after an 'incident' [PDF Presentation] October 2004
Hands-On Honeypot Technology - Analysis & Forensics [PDF Presentation] July 2005
Hard Challenges for Digital Forensics [PDF Presentation] February 2005
Hard disk ATA Security [PDF Presentation] March 2006
Hard Disk Drives - Bigger is Not Better
Hard Drive Secure Information Removal and Destruction Guidelines [PDF] October 2003
Hard-Disk Risk 2003
Hash Sets and Their Proper Construction [PDF]
Hash Sets for Hacker Tools [bottom of page]
Helix 1.7 for Beginners [PDF] Updated March 2006
Helping Your Users by Spying On Them [PDF] August 2005
Here's How to Avoid Nasty Bytes
Hexadecimal Flags for Partition Types [Zipped Word Document] February 2002
Hidden Data [PDF Presentation] April 2005
Hidden data in popular office file formats [PDF] April 2006
Hidden Date & Times - Forensic Analysis & Daylight Saving / Time Zone Pitfalls [PDF] (from
Hidden or Hiding: Mac OS X’s Forensic Assets and Liabilities [PDF] October 2005
Hidden Text in Computer Documents August 2003
Hiding Crimes in Cyberspace [PP Presentation] March 2001
Hiding Crimes in Cyberspace [Word document] July 1999
Hiding within the Trees [PDF] 2004
High Tech Crime Briefs January 2005 New series, issues 1-9
High Tech Forensics [PDF] July 2004
High Tech Forensics: Serving as a Police Reserve Specialist [PDF]
High tech investigations: It ain’t just forensics [PDF Presentation] May 2005
High Technology Crimes (Sacramento Valley Hi-Technology Crimes Task Force) [PDF Presentation] 2004
Higher-order Wavelet Statistics and their Application to Digital Forensics [PDF] 2003
High-Tech Crimes Revealed: Cyberwar Stories from the Digital Front
High-Tech Evidence Gathering: Tapping into the Computer Criminals 1999
High-Tech Holmes July 2001
Honeynet Data Analysis: A technique for correlating sebek and network data [PP Presentation] August 2004
Honeynet: A Platform for Studying Hacker Behaviors and Computer Forensics [Presentations in PDF] August 2003
Honeypot Forensics - No stone unturned or: logs, what logs? [PP Presentation] December 2004
Honeypot forensics [PDF] JUne 2004
Honeypot: Hacker Tracking and Computer Forensics AND
Honeypot-based Forensics [PDF] May 2004
Honeypots: Monitoring and Forensics [LINK to Site]
Honeytraps As A Forensic Tools [Presentation] February 2002
Honeytraps as Forensic Tools [PP Presentation] Fall 2001
Honeytraps, A Network Forensic Tool (Paper Draft) [PDF]
Honeytraps, a Network Forensic Tool [PP Presentation] February 2002
Hooking IO Calls for Multi-Format Image Support (using PyFlag) January 2005
How damaging is that trunk mounted radio to computer evidence? [RTF doc]
How Effective Cooperation with Law Enforcement Authorities Can Promote Computer Security [PP Presentation] March 2004
How to Conduct On-Premises Discovery of Computer Records Part I: Obtaining the Data
How to Conduct On-Premises Discovery of Computer Records Part II: Dectecting Altered Records
How to duplicate a complete PC via network
How to duplicate a Linux PC or partition via network
How to identify and re-claim a compromised Linux machine using TCT
How to Image RAIDS [PP Presentation]
How to Investigate Computer Intrusions: A Checklist
How To Permanently Erase Data from a Hard Disk 2005
How to prepare your department for a forensics investigation, the importance of developing a methodology, as well as the step
How to Reuse Knowledge about Forensic Investigations [PDF] August 2004
How to use Forensic Toolkit v2.0 on Windows NT 4.0 Server [PDF] 2002
How to use Helix to conduct a Basic Incident Response on a Windows XP Professional SP2 Computer March 2005
How to Use iLook Investigator v7.0 [Zipped PP Presentation] November 2001
How Windows encrypts .PWL files November 1995
How Windows stores information about the User October 2000 (From Septem [PDF] 2004
Hunting Hackers: How to Fight Back
Ibas Computer Forensics: A White Paper [PDF]
IBM OS/400 - AS/400 – Recognizing and Securing the System [PDF]
ICT Abuse & Digital Forensic Investigations [PP Presentation] December 2005
Identification of Appropriate Technologies, Procedure for Handling & Analysing Digital Evidence [PP Presentation] 2005
Identification of Known Files on Computer Systems [PDF Presentation] February 2005
Identify Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock Proxy Service Log Files [PDF] 2001
Identifying a deleted account November 2002
Identifying almost identical files using context triggered piecewise hashing [PDF] August 2006
Identifying Internet Activity: Computer Forensics Goes To Cyber Space
Identifying the Owner of a Website [PP Presentation] 2000
IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot March 2003
Ilook Investigator [PP Presentation] 2005
Image is Everything [PDF]
Impediments to the successful investigation of transnational high tech crime October 2004
Implementing a Forensic Response Unit [PDF Presentation] June 2004
Implementing Policies and Procedures for Effectively Supervising CyberOffenders: U.S. Probation Department-EDNY [PDF Pre
Importance of a Standard Methodology in Computer Forensics [PDF] May 2000
Improved event logging for security and forensics: developing audit management infrastructure requirements [PDF] April 2003
Improving Computer Forensics Media Analysis with Modeling Languages [PP Poster] 2004
Improving evidence acquisition from live network sources [PDF] May 2006
Improving Government-Wide Emergency Response to Cyber Incidents [PDF] June 2001
In an effort to avoid censorship and protect patron privacy, public libraries may become unwitting accomplices to cybercrime.
In this case, the prosecution claims that Mr. Defendant-Name knowingly possessed and accessed specific contraband data. Th
Inappropriate use of computers - the technical investigation process December 2003
Inappropriate Use of Computers - The Technical Investigation Process December 2003
Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot April 2002
Incident and Wiretap of a Real Case [Word Document - from]
Incident Detection, Recovery and Forensics, Plus a Few Selected Threat Remarks [PP Presentation] September 2005
Incident Handling / Forensics FAQ
Incident Handling I [PDF Presentation] May 2003 (from
Incident Handling II [PDF Presentation] May 2003 (from
Incident Handling/Forensics FAQ
Incident Handling: The Art of Containing Compromised Information [PDF] December 2000
Incident Handling: Where the Need for Planning is often not Recognised [PDF] November 2003
Incident Management with Law Enforcement December 2001
Incident Reporting & Automation [PDF] March 2001
Incident Response - Preparedness is Essential in Today’s Computing Environment [HTML-framed Presentation]
Incident Response & Computer Forensics [PP Presentation] September 2005
Incident Response & Computer Forensics, Second Edition
Incident Response & Evidence Management [PDF Presentation] November 2002
Incident Response [PP Presentation] 2001
Incident Response and Analysis [PP Presentation] April 2003
Incident Response and Computer Forensics [PDF Presentation] March 2004
Incident Response and Computer Forensics [PP Presentation] October 2003
Incident Response and Digital Forensics [PP Presentation]
Incident Response and Forensics [PP Presentation] July 2003
Incident Response and Forensics in Higher Education Environment [PP Presentation] April 2004
Incident Response and Forensics: A Look Inside a Hacked Box [PDF Presentation] February 2006
Incident response and fraud investigation – the role of the information technology auditor 2003
Incident Response and Handling [PDF Presentation] March 2005
Incident Response and Network Forensics [PP Presentation]
Incident Response Checklist
Incident Response Fundamentals Class [PDF Presentation] 2000
Incident Response Plan - A technical guide to aid in preparing for, detecting and responding to computer security incidents [PD
Incident Response Planning and Forensic Readiness [PP Presentation] February 2002 (from
Incident Response Procedure for Account Compromise [PDF] 2004
Incident Response Procedures
Incident Response Toolkit [PDF Presentation] August 2003
Incident Response Tools For Unix, Part One: System Tools March 2003
Incident Response Tools For Unix, Part Two: File-System Tools October 2003
Incident Response: A Primer on Prepartation and Resolution [Zipped PDF Presentation] (from
Incident Response: Chapter 7 - Tools of the Trade August 2001
Incident Response: Computer Forensics Toolkit
Incident Response: Investigating Computer Crime
Incident Response: Performing Investigations on a Live Host [PDF]
Independent Review of Common Computer Forensics Imaging Tools [PDF] August 2003 (from
Independent Validation & Verification of SMART for BeOS [PDF] February 2002
Independent Validation & Verification of SMART for Linux [PDF] November 2002
Index.Dat Files and Primary I.E. Folders
INFO2 Recycle Bin File - A Primer September 2005
Inforensics 101 [PP Presentation] May 2004
Information Assurance Applied to Authentication of Digital Evidence October 2004
Information Leakage and Computer Forensics [PDF Presentation] February 2006
Information Systems Forensics: A Practitioner's Approach November 2004
Information Technology Security Part 6 Investigation and Forensics I [HTML Presentation] March 2002
Initial investigating actions related to detecting cyber crimes
Initial Response to Windows NT/2000 [PDF]
Innovation and Legal Acceptability in Computer Forensics [Zipped PDF] June 2000
Innovative Techniques to Manage Sex Offenders in the Community [PDF Presentation] June 2005
Inquiry into Terrorism Detention Powers [PDF] January 2006
Inside the e-Nigma [PDF] 2001
Installing The Coroner's Toolkit and using the mactime utility
Intercept and Intelligence Hopefully Lawful [PDF] 2001
Interfacing with Law Enforcement FAQ January 2004
Internal Computer Investigations as a Critical Control Activity [PDF Presentation] April 2005
Internal Investigation Case Studies [PDF] February 2005
Internal Investigations - Procedures and Techniques: An Overview [PDF] April 2001
Internal Response Teams versus External Consultants - A Decision Matrix [PDF] February 2004
Internet and judicial investigation: difficulties in judicial practice [PDF] 2001
Internet Ballistics: Retrieving Forensic Data From Network Scans (Poster) [PDF] August 2004
Internet Browsing (and the question of intent) February 2003
Internet Forensics[Sample] Chapter 4: Obfuscation [PDF] October 2005
Internet Investigations - Finding the Suspect (from
Internet Security & Incident Response: Scenarios & Tactics [PP Presentation] 1998
Internet Undercover Operations [HTML-framed Presentation] February 2004
Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events October 2002
Intro in IT Forensics Mgmt [PDF] June 2004
Intro to Computer Forensic Tools [PDF Presentation] November 2003
Intro to Computer Forensics [PDF Presentation]
Intro to End-to-End Digital Investigation [PP Presentation] May 2005
Intro to forensics: Using the last command to track down changes January 2003
Intro to Linux for Cyber Crime Investigators and Computer Forensic Examiners [PP Presentation] 2003
Intro to Linux for Data Forensics version 2.0.5 [NASA ftp site]
Introducing Digital Forensics [PP Presentation] May 2004
Introducing the Metaspolit Antiforensics Project [PDF Presentation] September 2005
Introduction to Computer Forensics [PDF] August 2005
Introduction to Computer Forensics [PP Presentation] 2006
Introduction to Computer Forensics [PP Presentation] April 2004
Introduction to Cyber Forensics [PDF Presentation] 2006
Introduction to Cyber Forensics: Forensics Incident Response [PDF Presentation]
Introduction to Digital Evidence Seizure [PDF Presentation] September 2003
Introduction to Digital Evidence Seizure [PDF Presentation] September 2003
Introduction to Digital Forensics Procedure, Tools, and Techniques [PDF Presentation] April 2006
Introduction to Forensics 101 [PDF Presentation] August 2003
Introduction to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive [PP Presentation] March 2004
Introduction to Linux Forensics [PDF] June 2005
Introduction to Linux Forensics [PP Presentation] June 2005
Introduction to Network and Local Forensics [PDF Presentation] May 2005
Introduction to The Sleuth Kit (TSK) [PDF] September 2005
Intruder Discovery / Tracking and Compromise Analysis August 2000
Intrusion Auditing with NTLast [PP Presentation]
Intrusion Detection and Incident Response
Intrusion Detection and Network Forensics [PP Presentation] April 2000
Intrusion Detection as a Network Forensic Tool [Word Document] (Abstract)
Intrusion Detection FAQ What are some acceptable procedures for documentation and detective work that will result in court-a
Intrusion Detection for Linux Server
Intrusion Detection Systems and A View To Its Forensic Applications [Available as Postscript download] February 2000
Intrusion Detection Systems as Evidence [PDF] December 2000
Intrusion Detection Tools [PDF Presentation] November 2005
Intrusion Detection: Forensic Computing Insights arising from a Case Study on SNORT [PDF] 2003
Intrusion Detection: Issues and Challenges in Evidence Acquisition [Word document] May 2003
Intrusion Investigation and Post-Intrusion Computer Forensic Analysis 2000
Investigating an Attempted Intrusion 1999
Investigating an Internal Case of Internet Abuse [PDF] September 2001
Investigating and Prosecuting Network Intrusions 1996
Investigating Child Exploitation and Pornography
Investigating Cyber Crime/Hacking and Intrusion [PDF]
Investigating E-Mail Activities [PP Presentation] May 2004
Investigating Internet Histories with Internet Explorer 6
Investigating Internet Histories with Netscape Navigator 6
Investigating Internet Security Incidents: A Brief Introduction to Cyber Forensic Analysis [PP Presentation] 1999
Investigating Network Intrusions [PDF Presentation] June 2001
Investigating One Incidence of Anomalous Network Traffic [PDF] June 2001
Investigating Sophisticated Security Breaches [PDF] February 2006
Investigating The Fraud, Recovering Digital Evidence, and Assessing Damages
Investigating Wireless [PDF] 2005
Investigation Internet Usage [HTML-Frames Presentation] January 2002
Investigation Into Computer Forensic Tools [PDF] September 2004
Investigation into the Removal of Records and Erasure of Computer Files from the Former Mayor's Office [PDF] June 2003
Investigation of Cybercrime and Technology-related Crime March 2002 (from
Investigative Responses (Email Tracing)
Investigative Skills for the 1990s and Beyond [PDF]
Investigative Uses of Computers: Analytical Time Lines [PDF] August 2000
IOCE [PDF Presentation]
IOCE vs. G-8 Principles [PDF]
IP & Cybercrime [PDF] February 2003
IP Addresses and You [PP Presentation]
IP Tracing - A Primer in Tracing IP and Email Addresses [HTML-framed Presentation]
Ipod Forensics [PDF] December 2004
Ipod Forensics [PDF] Fall 2005
Ipod Forensics: Forensically Sound Examination of an Apple Ipod [PDF] November 2005
IS Auditing Guideline: Computer Forensics
Is that a Felony on Your Computer? [PDF] October 2003
Is That Data Gone Forever? [PP Presentation] May 2001
Is your data ready for its day in court? [PDF] November 2002 (from
ISObuster as a Forensic Tool [PDF] September 2002
Issue of newsletter devoted to 'Computer Crime' [PDF] Summer 1999
Issues in Computer Forensics [PDF] May 2003
Issues surrounding the need to develop laboratory protocols for computer forensic science that meet critical technological and
IT Autopsy March 2001
IT Forensic Investigation [PP Presentation] April 2003
IT Forensics: the collection of and presentation of digital evidence [PDF] July 2005
IT Security and Forensics: A Complementary Approach [PDF Presentation] 2004
Kazaa Hash values and their use as criminal 'proof' April 2006
Key Registry Locations [PDF] January 2005
Keystroke Logging Investigation [PDF] 2004
Keyword Searching and Indexing of Forensic Images (using PyFlag) January 2005
Kick-Starting Forensics at Your School [PP Presentation] April 2006
KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer [PDF] 2003
Knoppix First Responders Guide [PDF] July 2003
Knowledge discovery and experience modeling in computer forensics media analysis [PDF] 2004 (Registration required)
Lakewood PD Digital Policy
Language and Gender Author Cohort Analysis of E-mail for Computer Forensics [PDF] August 2002
Language and Gender Author Cohort Analysis of E-mail for Computer Forensics [PP Presentation] August 2002
Laptop Hard disk removal page (from
Large download - 5.5 MB / 329 slides
Law Enforcement and Digital Evidence [PDF] April 2005
Law Enforcement Challenges in Digital Forensics [PDF Presentation] 2002
Law Enforcement Quarterly Winter 2005-2006
Law Enforcement Tools and Technologies for Investigating Cyber Attacks [PDF] June 2002
Law Enforcement Tools and Technologies for Investigating Cyber Attacks: Gap Analysis Report [PDF] February 2004
Law Enforcement Training Manual [PDF]
Law enforcement uses high-tech tools to spot Internet crime (Page 1) [Word Document] July 2002
Law Enforcement, Forensics and Mobile Communications [PDF] March 2006
Layer 2, Routing Protocols, Router Security & Forensics [PP Presentation] 2002
Learning by Doing April 2002
Learning from what Intruders Leave Behind December 2000
Learning the Computer Forensic Way [PDF]
Legal Aspects of Collecting and Preserving Computer Forensic Evidence [PDF] April 2001
Legal Constraints for the Protection of Privacy and Personal Data in E-evidence Handling [PP Presentation] May 2003
Legal Methods of Using Computer Forensics Techniques for Computer Crime Analysis and Investigation [PDF] 2004
Link to theZipped Tools associated with presentation
Linkin' Logs To Fraud November 2002
Linux and Forensic Discovery - Thread started January 2003
Linux as Forensic Platform of Choice [Presentation in PDF] April 2003
Linux Computer Forensics: Forensic Disk Imaging [PDF Presentation] July 2005
Linux Data Hiding and Recovery March 2002
Linux Forensics [PDF Presentation] October 2004
Linux Forensics [PP Presentation] June 2004
Linux Forensics Weekly March - April 2004
Linux Memory Forensics March 2004
Linux OS, Networking and Forensics [PDF]
Linux/UNIX Security Response Cookbook [PDF Presentation] June 2004
LINX Best Current Practice - Traceability May 1999
List of all vehicles with EDRs
Live Forensics on a Windows System: Using Windows Forensic Toolchest (WFT) [PDF Presentation] June 2006
Live forensics: diagnosing your system without killing it first [PDF] February 2006
Live Solaris Evidence Gathering Instructions (V 1.0) [PDF] May 2006
Live Solaris Evidence Gathering Instructions (V 1.2) [PDF] May 2006
LiveWire Investigator [PDF Presentation] November 2005
Local Copy
Log Analysis (using PyFlag) January 2005
Log Analysis in Windows [PDF Presentation] April 2004
Log files can make or break your case in court. Here's how to preserve the evidence.
Log Parser (Microsoft) June 2006
Logfile Analysis: Identifying a Network Attack [PDF] July 2001
Logging and Log Analysis - The Essential [PDF Presentation] July 2004
Logs & Forensics [PDF Presentation] April 2004
Looking for foul play - digital forensics Part 2 August 2006
Lost? No. Found? Yes. Those Computer Tapes and Emails are Evidence [PDF] 2001
Loudoun's AOL Detective Finds Clues in E-mail August 2000
Low-Intrusive Consistent Disk Checkpointing: A Tool for Digital Forensics [PDF] February 2005
Mac Acquisition using Target Disk Mode
Macintosh Forensic Analysis Using OS X [PDF] October 2002
Macintosh Forensics [PDF Presentation] November 2005
Macintosh Forensics [PDF Presentation] September 2005
Magnetic Data Recovery – The Hidden Threat [PDF] April 2006
Maintaining Credible IIS Log Files November 2002
Maintaining Forensic Evidence for Law Enforcement Agencies from a Federation of Decoy Networks: An Extended Abstract [P
Maintaining System Integrity During Forensics August 2003
Maintaining The Digital Chain of Custody [PDF] April 2003
Maintaining the Forensic Viability of Logfiles [PDF] May 2001
Making a case for reporting and prosecution of a cyber incident [PDF] January 2003
Making It Big: Large Scale Network Forensics (Part 1 of 2) March 2003
Making It Big: Large Scale Network Forensics (Part 2 of 2) March 2003
Making sense of Windows Install Dates and Times [Word doc]
Malware analysis for windows administrators [Available by request] 2005
Malware Detection - Known File Filtering [PDF] February 2004
Malware Forensics by Automatic Experiments [PDF] June 2005
Manager Offers Primer On Computer Forensics July 2000
Managing your Evidence Problems associated with proper collection procedures [PDF]
MD5 collisions and the impact on computer forensics [PDF] 2005
md5bloom: Forensic filesystem hashing revisited [PDF] August 2006
Meeting the Challenge: E-mail in Civil Discovery
Meeting the Challenge: E-Mail in Civil Discovery [PDF] 2004
Memory Imaging and Forensic Analysis of Palm OS Devices [PDF Presentation] June 2002
Metadata, The Mac, and You
Methodologies for the use of VMware to boot cloned/mounted subject hard disk images [PDF] March 2005
Methods for evidencing illicit use of a computer system or device [A Patent Application] April 2003
Methods of Data Transportation
MFP: The Mobile Forensic Platform [PDF] Spring 2003
Microsoft Word MetaData Forensics Tutorial March 2004
Mining E-mail Content for Author Identification Forensics [PDF]
Mobile Device Forensic Software Tools [PDF Presentation] November 2005
Mobile Device Insecurity [PDF Presentation] April 2005
Mobile Device Security page - small collection of tools
Mobile Forensic Platform [PP Presentation] January 2004
Mobile Forensics: Bridging the Gap between Cops and Examiners [PDF Presentation] November 2005
Mobile Phone Forensic Examination - Basic Workflow & Preservation Select options from drop-down menu at left
Modeling of Post-Incident Root Cause Analysis [PDF] Fall 2003
Monitoring Access to Shared Memory-Mapped Files [PDF] August 2005
More Than CSI: High-Tech Crime Investigation [PP Presentation] 2004PDF Format
Nailing the Intruder [PDF] July 2001
National Security, Forensics and Mobile Communications [PP Presentation] March 2006
netForensics® – A Security Information Management Solution [PDF]
Netmon forensic tools and tipsApril 2006
Network Forensic Traffic Reconstruction with Tcpxtract January 2006
Network Forensics - CSI: Enterprise December 2004
Network Forensics - Hacker, You cannot Escape! [Presentation in PDF] February 2004 (from
Network Forensics (from
Network Forensics Analysis [PDF] 2002
Network Forensics Analysis Tools: An Overview of an Emerging Technology [PDF] January 2003
Network Forensics Analysis with Evidence Graphs [PDF] August 2005
Network Forensics and Auditing [PDF Presentation] June 2003
Network Forensics and Covert Channels Analysis in Internet Protocols [PDF Presentation] April 2006
Network Forensics Evasion: How to Exit the Matrix March 2006
Network forensics in a post GE world [PDF Presentation] October 2005
Network Forensics June 2004
Network Forensics Primer [PP Presentation] August 2005
Network Forensics Tools November 2004
Network Forensics: Tapping the Internet April 2002
Network Intrusion and Attack Signatures [PDF Presentation] Spring 2002
Network Monitoring and Forensics [PDF] May 2004
Network Support For IP Traceback [PP Presentation] April 2000
Network Traffic as a Source of Evidence: Tool Strengths, Weaknesses, and Future Needs [PDF] December 2003
New Approaches to Digital Evidence [PDF]
New Directions in Disk Forensics [PDF Presentation] January 2006
New Incident Response Best Practices [PDF] September 2003
Next Generation Data Forensics & Linux [PDF Presentation]
Next Generation Data Forensics & Linux [PDF] July 2002
NGN Network Security Forensics and the Data Retention Directive [PDF Presentation] January 2006
NIJ Technology Program Publication Collection: Electronic Crime
NIJ’s Electronic Crime Program: An Overview [PDF Presentation] 2004
NIST Special Publication 800-86 (Draft)
No Stone Unturned Series
No Thanks for the Memories January 2001
Nobody’s Anonymous — Tracking Spam and Covert Channels [PDF Presentation] July 2004
Nobody's Anonymous - Tracking Spam [PDF Presentation] January 2004
Norton Ghost 2003 as a Forensic Image Acquisition Tool (GCFA Practical) [PDF] December 2002
Not Just a Game Anymore 1999
Notes on dd and Odd Sized Disks [Word Document]
NT Information Gathering Commands
NT/2K Incident Response Tools August 2001
NTFS compression white paper (from
NYECTF Homeland Defense Document [PP Presentation]
NYECTF's Approach to Cybercrime [PP Presentation]
Obtaining And Protecting Electronic Information For Prosecution Purposes [PDF] August 2001
Obtaining Computer Evidence [Zipped PP Presentation] April 2002
On the role of file system metadata in digital forensics [PDF] December 2004
One Big File Is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique [PDF] June 2006
Online evidence gathering and the Evidence Bin [PDF] October 2005
Online Forensics of Win32 System Guide [Zipped] May 2004
On-line Fraud [PDF Presentation]
On-line Investigations [PDF Presentation] 2003
Online lecture material/notes for the class
Open Resources to Improve Your Forensic Analysis [PDF Presentation] November 2005
Open Source Digital Forensic Acquisition and Analysis on Mac OS X [PDF Presentation] October 2004
Open Source Digital Forensics Tools: The Legal Argument [PDF] October 2002
Open Source in Computer Forensics [PDF Presentation]
Operation CyberSweep [PP Presentation] January 2004
Operation Ore – The Tip of the Iceberg? [PDF] March 2003
Operation Websnare [PP Presentation] September 2004
Operational Computer Forensics - The New Frontier [PDF] 2000
Oracle Database Forensics using LogMiner [PDF] January 2005
Orphans in the NTFS World [PDF] 2005
Our Perspective of Computer Forensics and Electronic Discovery in Our Corporate Environment [PDF Presentation] November
Overview and Impact on 21st Century Legal Practices: Digital Forensics and Electronic Discovery, The Good, The Bad and Th
Overview of Computer Forensics [Presentation] Fall 1999
Overview of fcopy [PP Presentation] Spring 2002
Overview of Legal Aspects, E-Evidence and Data Protection [PP Presentation] May 2003
P0st-M0rt3m 0f 4 R00tk1t 4tt4ck [PP Presentation] April 2001
Packet forensics using TCP August 2005
Packet Sniffing for Automated Chat Room Monitoring and Evidence Preservation [PDF] June 2001
Pages 4-6 of 'Know Fraud'
Paper presented at USENIX. Discusses issues in static and dynamic RAM, CMOS circuitry, and EEPROMs and flash memory.
Part 1 [PDF Presentation] July 2005
Part 1 February 2002
Part 1: An Introduction to the Field Guide for Investigating Computer Crime
Part 2 - Make the most of your security log data July 2005
Part 2 [PDF Presentation] July 2005
Part 2 March 2002
Part 2: Overview of a Methodology for the Application of Computer Forensics
Part 3 April 2002
Part 3: Search and Seizure Basics
Part 4 May 2002
Part 4: Search and Seizure Planning
Part 5 June 2002
Part 5: Search and Seizure Approach, Documentation, and Location
Part 6 August 2002
Part 6: Search and Seizure - Evidence Retrieval and Processing
Part 7: Information Discovery - Basics and Planning
Part 8: Information Discovery - Searching and Processing
Part of their'Hands-On Honeypots' course taught at Blackhats USA 2005
Part Two: A Forensics Inquiry, Step by Step September 2004
PC Forensics Analysis [PP Presentation] August 2003
PC-Based Partitions [PDF] March 2005
PDA Forensic Tools: An Overview and Analysis [PDF] August 2004
PDA Forensic Tools: An Overview and Analysis [PDF] August 2004
PDAs and Forensic Science [PP Presentation] Spring 2002
pdd: Memory Imaging and Forensic Analysis of Palm OS Devices [PDF] March 2002
PDF Presentation
PDF Presentation
PDF version
PDF version
PDF version
Performing a Forensic Investigation [PDF] March 2004
Performing a Security Forensics Review [PDF Presentation] October 2005
Performing an Autopsy Examination on FFS and EXT2FS Partition Images: An Introduction to TCTUTILs and the Autopsy Fore
Performing Effective Incident Response [PDF Presentation] July 2005
Phishing and Federal Law Enforcement [PP Presentation] August 2004
Physical Memory Forensics [PDF Presentation] July 2006
Picking Up the Slack: A Peek Behind the Curtain of Computer Forensics
Pinpointing and Locating Data on Digital Media [PDF Presentation] September 2004
Planning for Failure: Developing an Effective Incident Response Plan for HIPPA Compliance [PP Presentation] September 200
Playing Hide and Seek, Unix style
Playing in the Devil's Playground [PP Presentation] July 1999 Discusses the merit of using statically linked binaries for forensic
Police Posing as Juveniles Online to Catch Sex Offenders: Is It Working? [PDF] July 2005
Police Reserve Specialists - Local Application of Global Concept [PP Presentation] March 2002
Police Tighten the Net September 1998
Policies to Enhance Computer and Network Forensics [HTML Presentation] June 2001
Policies to Enhance Computer and Network Forensics [PDF]
Policies to Enhance Computer and Network Forensics [PDF] June 2001
Policies to Enhance the Forensic of Computer Security (complete presentation, 63 slides) April 2000
Policies to Enhance the Forensic of Network Security April 2000 [Ghostscript Reader Required]
Policing Cyberspace [PDF] January 1995
Policing the Digital Frontier 2003
Possession of Child Pornography July 2001 (updated September 2002)
Powerpoint Briefing
Powerpoint Briefing
Powerpoint Briefing
Powerpoint Briefing
Powerpoint Briefing
Powerpoint Briefing
Powerpoint Briefing
PowerPoint Presentation
PowerPoint version
PP Presentation
PP Presentation
PP Presentation August 2002
Practical Approaches to Recovering Encrypted Digital Evidence [PDF] August 2002
Practical Network Support For IP Traceback [PDF Presentation] October 2000
Practical Network Support For IP Traceback [PDF] April 2000
Practical Windows Forensics [HTML-framed Presentation] July 2001
Practice effective security log analysis July 2005
Pre-Forensic Setup Automation for Windows 2000 [PDF] May 2002
Preparing for Large-Scale Investigations with Case Domain Modeling [PDF] August 2005
Preparing for the Unexpected: Is it Possible? [PDF] Secure Business Quarterly 2001
Preparing to be an Expert Witness [PDF Presentation] November 2005
Presentations/Forms/Publications - Internet Safety page
Preservation of Fragile Digital Evidence by First Responders [PDF] August 2002
Preserve and Protect February 2004
Principal Current Data Types [PDF] March 2003
Principles of Digital Forensics as applied to Law Enforcement [PDF Presentation] July 2006
Principles, Practices and Procedures: an Approach to Standards in Computer Forensics [PDF] April 1995
Principles-Driven Forensic Analysis [PDF] September 2005
Privacy and Online Investigation by Copyright Management Bodies [PP Presentation] May 2003
Proactive & Reactive Forensics [PDF Presentation] September 2005
Probing into Digital Image Tampering [PDF] December 2004
Problem Clearing Internet Explorer's History Data
Problems of Investigation of Crimes in the Field of Banking Computer Systems
Procedural Aspects of Obtaining Computer Evidence with Highlights from the DoJ Search & Seizure Manual [Zipped file] Febru
Procedures for Seizing Computers [PDF] May 2000
Process Dump Analyses - Forensical acquisition and analyses of volatile data [Zipped PDF] July 2006
Process Forensics: A Pilot Study on the Use of Checkpointing Technology in Computer Forensics [PDF] Summer 2004
Processing Flash Memory Media
Processing Flash Memory Media [PDF] October 2005
Proficiency Test Program Guidelines [PDF] July 2004
Profiling Computer Criminals - Methodology or Myth [PP Presentation] July 2002
Project Internet Forensics [PDF Presentation] September 2004
Project PFC - Personal Filing Cabinet Converter
Properly Obtaining and Securing Evidence in a Computer Crime Investigation (bottom of page) [PP or PDF Presentations] Feb
Proposal to Formalize Test and Evaluation Activities Within the Forensic and Law Enforcement Communities [PDF] August 200
Protocols for the Recovery, Maintenance and Presentation of Motor Vehicle Event Data Recorder Evidence [PDF] June 2003
Providing Process Origin Information to Aid in Computer Forensic Investigations [PDF] September 2004
Proving the Integrity of Digital Evidence with Time [PDF] Spring 2002
Questions About the Future Secure Business Quarterly 2001 [PDF]
Quick Reference Guide: [Disclosure of] Stored Wire and Electronic Communications [PDF]
RAC Computer Forensic Institute Annual Report [PDF] January 2006
RAID Reassembly - A forensic Challenge (using PyFlag) February 2005
RAID Reconstruction - And the search for the Aardvark [PDF Presentation] April 2005
RCFL National Program [Presentation in PDF] May 2003 (from
Reacting to Cyberintrusions: Technical, Legal and Ethical Issues [Postscript file
Real Digital Forensics: Computer Security and Incident Response
Real Evidence, Virtual Crimes: The Role of Computer Forensic Experts [PDF] Fall 2005
Realizing - Risk Sensitive Evidence Collection [PDF Presentation] August 2005
Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization [PDF Presentation] June 2005
Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization [PDF] June 2005
Real-time Forensic Evidence Collection [PP Presentation] September 2005
Real-Time Forensics Strategies: An Executive Briefing [Word document]
Realtime Intrusion-Forensics - A First Prototype Implementation [PDF Paper & PP Presentation] February 2004
Reasons to Challenge Digital Evidence and Electronic Photography June 2003
Recent Advances in Computer Forensics [PDF Presentation] May 2005
Recent Federal Opinions on the Search and Seizure of Computer Files [PDF]
Recognizing the Importance of Network Enabled Computer Forensics [Presentation in PDF] November 2003
Recommended Guidelines for Developing Standard Operating Procedures [for Digital Forensic Examinations] [PDF] July 2004
Recommended Guidelines for Validation Testing [PDF] July 2004
Recovering and Examining Computer Forensic Evidence October 2000
Recovering Computer-Generated Evidence
Recovering Deleted Files in Linux April 2002
Recovering Digital Evidence from Linux Systems [PDF] 2005
Recovering Unrecoverable Data [PDF] April 2004
Recovering, Examining and Presenting Computer Forensic Evidence in Court [Word document] 2004PP Presentation
Recovery of Digital Evidence
Refining the Taxonomy of Forensic Computing in the Era of E-crime: Insights from a Survey of Australian Forensic Computing
Regional Computer Forensic Laboratories Nov/Dec 2003
Registered Forensic Practitioner: A New Breed of Expert March 2006
Registry key list [Zipped excel spreadsheet] April 2005
Registry Processing: Determining What Files/Folders are Shared
Registry Quick Find Chart [PDF] August 2005
Related PDF Briefing
Related PowerPoint Briefing
Related PowerPoint Briefing
Related Tools [Zipped file]
Remembrance of Data Passed: Used Disk Drives and Computer Forensics [PDF Presentation] 2004
Remote physical device fingerprinting [PDF] 2005
Removing hard drives from computer systems for direct drive-to-drive imaging [PDF]
Report on Defendant-Name vs. State-Name November 2001
Report on Digital Evidence [PDF] October 2001
Report on the Digital Evidence Needs Survey Of State, Local and Tribal Law Enforcement [PDF] March 2005
Report on the Investigation into Improper Access to the Senate Judiciary Committee's Computer System [AKA The Pickle Repo
Reporting probes/intrusion attempts from an IP address 2000
Reproducibility of Digital Evidence in Forensic Investigations [PDF Presentation] August 2005
Reproducibility of Digital Evidence in Forensic Investigations [PDF] August 2005
Resolve Corrupted Cache Problem
Responding and Investigating a Unix Incident with Risk Analysis and Steps to Secure the System [PDF] June 2004
Responding to a Security Incident 2000
Responding to a security incident on a Unix workstation 2000
Responding to Cybercrime in the Post-9/11 World [PDF]
Responding to Security Incidents on a Large Academic Network: A Case Study May 2003 – October 2005 [PDF] February 200
Restore Point Forensics May 2006
Restoring Images via the DD Command
Resurrecting the Smoking Gun: How to Find and Recover Evidence [PDF] April 2003
Rethinking Computer Management of Sex Offenders Under Community Supervision [PDF] Summer/Fall 2002
Retrieval of Video Evidence and Production of Working Copies from Digital CCTV Systems [PDF] March 2006
Review of Digital Intelligence Firefly and Ultrablock products
Risk Sensitive Evidence Collection [PDF Presentation] 2004
Risks and Solutions to problems arising from illegal or Inappropriate Online Behaviours: Two Core Debates within Forensic Co
Robots, Wanderers, Spiders and Avatars: The Virtual Investigator and Community Policing Behind the Thin Digital Blue Line [P
Router Forensics DDOS/worm Updates [PP Presentation] 2002
Running an IT Investigation in the Corporate Environment [PDF] February 2003
Ruxcon 2004 [PP Presentation]
Safe-KIDS - Known Image Database System [PDF]
Salon On Computer Forensics - Thread started April 2002
Sam Spade: A Multifunction Information Toolkit May 2001
Sample Chapter 12 from Know your enemy
Sample Chapter 16: Analyzing a compromised computer in German
Sample Chapter book
Sample Chapter from File System Forensic Analysis
Sample chapter from Honeypots for Windows
Sample Issue [PDF] April 2004
Sample: Chapter 2; Tracking the Offender [PDF]
Saving Your Data After a Head Crash: An Inside Look at a Disk Recovery Service May 2005
Sawing Linux Logs with Simple Tools September 2004
Scalpel: A Frugal, High Performance File Carver [PDF] August 2005
Scan of the month - Scan 24
Scan of the month - Scan 26
Scene of the Cybercrime: Assisting Law Enforcement in Tracking Down and Prosecuting Cybercriminals [PP Presentation] July
Scene of the Cybercrime: Computer Forensics Handbook
Search and Seizure in Cases of Computers and Child Pornography April 1999
Search and Seizure of Canadian Computer Environments 1993
Search and Seizure of Computers: Key Legal and Practical Issues
Search Warrants Computers & Digital Evidence [HTML-framed Presentation] November 2005
Search, Seizure and Production Orders Considering the Privacy Environment [PP Presentation] March 2005
Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations January 2001
Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations July 2002
Searching for Outlook Compressible Encryption (PST Data) in the Unallocated Clusters January 2006
Searching for processes and threads in Microsoft Windows memory dumps [PDF] August 2006
Searchtools, Indexed searching in forensic images September 2004
Secrets of Computer Espionage: Tactics and CountermeasuresChapter 1: Spies [PDF] June 2003
Secure Audit Logs to Support Computer Forensics [PDF]
Secure Data Deletion for Linux File Systems 2001
Secure Deletion and the Effectiveness of Evidence Elimination Software [PDF] Septemner 2005
Secure Deletion of Data from Magnetic and Solid-State Memory July 1996
Secure Digital Camera [PDF] August 2004
Secure File Deletion, Fact or Fiction? [PDF] July 2001
Securing Electronic Evidence the Right Way [PP Presentation] 2001
Securing Evidence and Preparing it for Court [PDF] July 2005
Security Applications of Bootable Linux CD-ROMs [PDF] November 2001
Security Essentials Toolkit: Forensic Backups
Security Essentials Toolkit: Forensic Backups
Security Event Correlation – Security's Holy Grail? [PP Presentation]
Security Forensic on E-commerce [PDF]
Security Incident Investigation [PDF Presentation] November 2000
Security Information Management Tools: NetForensics Leads a Weary Fleet April 2002
Security Reference Guide [See Data Forensics Section]
Security Tools for the Budget Conscious ISP, Part III: Analysis and Forensics February 2004
Security Warrior: How to Tell if you Unix System is Hacked [PDF] March 2004
Seizing a Computer System for Digital Forensic Systems Examination
Seizing and Searching Computers and Computer Data [RTF doc] 2000
Seizing Computers - Important Considerations (Page 7) [Word Document] April 2000
Seizing Computers and other Electronic Evidence Best Practice Guide [PDF] February 2003
Selection of Hashing Algorithms [Word Document] June 2000
Selective and intelligent imaging using digital evidence bags [PDF] August 2006
Self-reported computer criminal behavior: A psychological analysis [PDF] August 2006
Semantic Forensics: An Application of Ontological Semantics to Information Assurance [PDF] July 2004
SERIES: DBB Kazaa Database File - 1st 9 Fields plus Kazaa Hash Decoded
Setting the Rules on Digital Evidence
Setting up a Cyber Crime Investigation Cell & Cyber Forensics Laboratory 2004
Setting up an Electronic Evidence Forensics Laboratory [PDF] February 2004
Setting up an Online Investigative Computer: Hardware, Connectivity and Software Recommendations [PDF] June 2004
Setting up for Forensics July 2003
Several PDF and PP Presentations
Several presentations and publications
Sex Offender Computer Examinations [PDF Presentation] June 2005
Shadowcrew: Web Mobs March 2005
Sharing Network Logs for Computer Forensics [PP Presentation] September 2005
Sharing Network Logs for Computer Forensics: A New Tool for the Anonymization of NetFlow Records [PDF] 2005
Shell Game June 2002
Sherlock in Linux December 2003
Sherlock is Back January 2004
Should a Corporation Report a Breach to Law Enforcement? [PDF] Fall 2001
Shrinking the Ocean: Formalizing I/O Methods in Modern Operating Systems [PDF] June 2002
Silicon Pathology? [PDF] June 2003 The future of forensic computing
Simple but Sound Tools for First Responders [PDF Presentation] January 2003
Simple Law Enforcement Monitoring [PDF] July 2003 Discusses Lawfully Authorized Electronic Interception
SIRT & Forensics [PDF Presentation] March 2005
Six articles on Computer Forensics for Lawyers
Sleuthkit, the Digital Forensic Toolkit [PDF] October 2003
SleuthKit: a collection of new forensic tools
SmartMedia, CompactFlash & Memory Stick Data Recovery 2001
So Much Evidence... So Little Time November 1999
Software Engineering Project (Honours): ZSAT [PDF] October 2004
Software Forensics
Software Forensics Overview [PDF Presentation] April 2003
Software Write Block - Testing Support Tools Validation [PDF Papers] March 2005
Solving Computer Crime: An Introduction to Digital Forensics [PP Presentation] November 2003
Solving Crimes Through Digital Forensics July 2005
Solving Network Mysteries [PP Presentation] 2001
Some Golden Rules for Investigating On-Line Child Sexual Exploitation 2001
Source of graphic
Spam & Chips - A Discussion of Internet Crime [PDF] April 2002
Stand-alone PC Examination Basic Forensic Guidelines
Standard Operation Procedures for Electronic Evidence Handling [PDF] November 2002
Standardization of Computer Forensic Protocols and Procedures [PDF Presentation] 2002 (from
Standardizing digital evidence storage [PDF] February 2006
Starting a Computer Forensic Lab [PDF Presentation] July 2003
Starting your own Computer Forensics Company [PP Presentation] 2005
Starting your own Computer Forensics Company [Word doc]
State Machine Theory of Digital Forensic Analysis 2004
State Machine Theory of Digital Investigations [PP Presentation] 2005
Statement on the Budget Leak Investigation [PDF] August 2005
Static Linking Under Solaris
Statistical Tools for Digital Forensics [PDF] 2004
Statistical Tools for Digital Image Forensics [PDF] 2005
Steganalysis: Detecting hidden information with computer forensic analysis [PDF] April 2003
Steganography: Implications for the Prosecutor and Computer Forensics Examiner April 2004
Steganography-based Forensic Techniques Using EnCase® 4.0 [PDF] 2003
Stego Forensic Techniques [PP Presentation] 2003
Stego Intrusion Detection System [PDF] August 2004
Step Away from the Keyboard! [PDF Presentation] Februsry 2004
Step by step instructions for using TCT
Steps for Recovering from a Unix or NT System Compromise
Strangers In the Night July 2001
Strengthening the collaboration between the Investigator and the Information System Manager Through Methodical Computer
Structured Investigation of Digital Incidents in Complex Computing Environments [PDF] 2003
Stuff [HTML or PP Presentation] January 2001
Submitting Computers for Forensic Examination (Page 10) [Word Document] June 2000
Summer Workshop 2002 on Network Security
Supportive tools
Surplus Disk Drive Vulnerability – Information leakage November 2003
Survey of Disk Image Storage Formats [PDF] September 2006
SWGDE and SWGIT Glossary of Terms [PDF] (Posted for review) April 2005
System Administration and Network Security Course (2005)
System Baselining - A Forensic Perspective [PDF]
System Documentation - The "RegistryExtractor" [PDF] October 2005
System Forensics [PP Presentation] August 2004
System Rescue with Knoppix [Presentation] September 2005
Tactical Features of Inquiry Actions at Computer Crime Investigation May 2003
Tales from the Abyss: UNIX File Recovery
Teaching Computer Forensics Using Student Developed Evidence Files [PP Presentation] March 2006
Teaching Computer Forensics: Uniting Practice with Intellect [PDF] June 2004
Techniques for Identifying the Threat to your Systems from Researching the Apparent Source of an Attack [PDF] July 2000
Techniques for Now, Problems for the Future October 2000
Technological Aspects of Internet Crime Prevention February 1998
Technology Crime and Computer Forensics [PDF Presentation] January 2005
Technology Crime Investigation in Hong Kong [PDF Presentation]
Technology Report: Forensic Security Tools
Ten Forensics Toolkit November 2002
Testifying in a Computer Crimes Case April 2005
Testing BIOS Interrupt 0x13 Based Software Write Blockers [Paper, PP Presentation & Poster] March 2005
Testing the Date Maintenance of the File Allocation Table File System [PDF] 2003
The "Art" of Log Correlation [PDF] July 2004
The "Swiss Army Knife" for Intrusion Investigators and Computer Forensics Examiners
The Advanced Forensics Format Library and Tools [PDF Presentation] January 2006
The Application of Intrusion Detection Systems in a Forensic Environment (Extended Abstract) [PDF] 2000
The Art of Defiling: Defeating Forensic Analysis on Unix File Systems
The Art of Key Word Searching [PDF] October 2003
The Art, Science & Practice of Digital Evidence [PP Presentation] 2004
The Basics of Digital Evidence Recovery
The Byte Stops Here: Duty and Liability for Negligent Internet Security [PDF] 2000
The CERT Virtual Training Environment: Information Assurance and Forensics Training Anywhere, Anytime [PDF Presentation
The Certified Computer Examiner Certification January 2004
The challenge of electronic evidence: the European response [PDF Presentation] November 2003
The Computer Caper
The Computer Forensics and Cybersecurity Governance Model April 2003
The Computer Forensics Expert Witness - CV, Preparation, Testimony [PDF Presentation] 2004
The Computer Forensics Process and Conducting Web-Based E-mail Searches July 2005
The Computer Under the Microscope Images
The Continuing Evolution of Computer Forensics (pages 18-25) [PDF]
The Coroner’s Toolkit March 2005
The Coroner's Toolkit
The Coroners Toolkit - In depth [PDF] February 2002
The Coroner's Toolkit (TCT) [PP Presentation] Spring 2002
The Coroner's Toolkit [PDF Presentation] March 2005
The Coroners Toolkit: A Handy Suite of Utilities [PDF] December 2000
The Critical Challenges from International High-Tech and Computer-Related Crime [PDF]
The Dark Side of NTFS (Microsoft’s Scarlet Letter)
The Debtor’s Digital Reckonings [PDF] Fall 2003
The DFRWS Framework Classes [PDF] 2003
The Difference Between Paper and Electronic Files [PDF] March 2006
The Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made Easy [PDF] December 2001
The Digital Crime Scene: A Software Prospective [PDF] March 2004
The Digital Evidence in the Information Era March 2004
The Discipline of Internet Forensics August 2003
The Eavesdropper’s Dilemma [PDF] February 2006
The Economics of Digital Forensics [PDF] May 2006
The effectiveness of commercial erasure programs on BitTorrent activity [PDF] September 2006
The electronic autopsy - digital forensics Part 1 August 2006
The Enemy Within - Investigating Computer Crime in the 21st Century [PDF] 2005
The Enemy Without.. The Enemy Within.. ‘Poisoned’ e-mails can be traced back to their creators July 2001
The Enhanced Digital Investigation Process Model [PDF] August 2004
The Enhanced Digital Investigation Process Model [PDF] May 2004Related PowerPoint Briefing May 2004
The Essential Conflict Between "Computer" and "Forensics" [PP Presentation] April 2006
The Essentials of Computer Based Discovery [PDF] 2002
The Essentials of Computer Discovery [Word document] 2002
The Evidential Value of Email [PDF] 2003
The Evolution of Incident Response [PDF Presentation] 2004
The Exchange Principle [PDF] September 2004
The Expert's Role in Computer Based Discovery [PDF] 2002
The Fallacy of Software Write Protection in Computer Forensics [PDF] May 2004
The Farmer's Boot CD [PDF] April 2006
The FBI and the Internet [PDF Presentation] November 2005
The Federal Court, the Music Industry and the Universities: Lessons for Forensic Computing Specialists [PDF] November 2003
The Fight against Cyber-Crime: The Need for Special Training on Digital Evidence
The final HTML drafts that were sent to the publisher; minus the final formatting and a few minor changes
The Foremost Open Source Forensic Tool September 2003
The Forensic Chain-of-Evidence Model: Improving the Process of Evidence Collection in Incident Handling Procedures [PDF]
The Forensic Lifecycle [PDF] 2005
The Future of Computer Forensics: A Needs Analysis Survey [PDF] 2003
The Future of Forensic Computing [PDF] February 2002 (from
The Future of High Tech Crime [PP Presentation]
The Future of Network Digital Evidence [PDF Presentation] November 2005
The Global Enterprise - Forensic Audits Across the Large Scale Network [PDF Presentation] November 2003
The Impact of Forensic Computing on Telecommunications [PDF] 2000
The Investigation of Computer Crime and Crime Scene ComputersLesson Sample [PDF]
The joys of complexity and the deleted file [PDF] July 2005 (Requires registration)
The Latest in Live Remote Forensics Examinations [PDF Presentation] June 2006
The Law Enforcement Paradigm in DoD Environments [PP Presentation] April 2002
The Legal Duty of IAP's to Preserve Traffic Data : a Dream or a Nightmare? [PP Presentation] May 2003
The Linux Kernal and the Forensic Acquisition of Hard Discs with an Odd Number of Sectors [PDF] Fall 2004
The Managers Role: Incident Response, Electronic Evidence and Forensics [PP Presentation] October 2003 (from
The Metasploit Framework - A DigitalDefence Technical Note [PDF] April 2006
The Necessity for Computer Forensics January 2002
The Need for a Technical Approach to Digital Forensic Evidence Collection for Wireless Technologies [PDF Presentation] June
The Need for an 802.11b Toolkit [PP presentation] July 2002
The Need For Forensic Capabilities In The Commercial Sector [PP Presentation] July 2000
The Network-Centric Incident Response and Forensics Imperative [PDF Presentation] June 2006
The New De-Tech-Tives [PDF] Spring/Summer 1999
The new field of computer forensics is keeping security experts on the trail of cybercriminals - December 1998
The New Zealand Hacker Case: A Post Mortem [PDF] September 2005
The Plaintiffs' Practical Guide to E-Discovery [PDF] 2004
The Reality of Computer Forensics [PDF] (from
The Role of Computer Forensics in Stopping Executive Fraud October 2004 Sample chapter from "Defend IT: Security by Exam
The Role of Computer Forensics in the Investigation of Network Intrusion Activity [PDF Presentation] June 2002 (from archive.o
The Role of Digital Forensics within a Corporate Organization [PDF Presentation] May 2006
The S.A.N.E. approach to computer forensics
The Sleuth Kit Informer
The SMS Murder Mystery: The dark side of technology [PDF] September 2005
The Social Secuirty Administration Office of the Inspector General's Experience (Page 39)
The Technical Side of Internet & Computer Crime [PP Presentation] April 2003
The Technology of CSI and Computer Forensics [PP Presentation] 2003
The Third Step - Preserve the Electronic Crime Scene
The Top EnCase Tech Support Questions & What’s new at Guidance Software? [PP Presentation] May 2002
The Trojan Horse Defence [PDF] December
The Trojan Made Me Do It: A First Step in Statistical Based Computer Forensics Event Reconstruction [PDF] Spring 2004
The types of computer crimes in Hong Kong and the difficulties in prosecuting such crimes [PDF]
The unique challenges of collecting corporate evidence [Available by request] 2005
The use of Levenshtein distance in computer forensics [PDF] June 2005
The Use of Random Forest to Develop an Intelligent Computer Forensic Tool [PDF] 2004
The Value of Computer Forensics [PP Presentation] February 2004
The Weight of Electronic Traces [PP Presentation] May 2003
The Windows Registry as a forensic resource [Available by request] 2005
The Windows XP Startup Disk [An Example in Basic Forensics / Data Recovery] 2004
There is Something Fishy About Your Evidence… or How to Develop Inconsistency Checks for Digital Evidence Using the B M
This document describes how to make a 'jump kit' for investigating Linux systems that are potentially compromised.
This documentation discusses the use of two TCT tools, unrm and lazarus, on the Sun Solaris operating system, version 2.x. Y
Through the Looking Glass: Finding Evidence of Your Cracker 1999
Throwing out the Enterprise with the Hard Disk 2004
Thumbs DB Files Forensic Issues [PDF] 2005
Time and Date Issues in Forensic Computing - A Case Study [Available by request] 2004
Time Change Captured in Event Log - Event 577 2005
Time is of the Essence March 2000
Time Stamps and Timing in Audit-Based Digital Forensic Systems Examination
Time: the Currency of Computer Crime [PDF] 2003
Time-Lining Computer Evidence [PDF]
Timestamps in Digital Forensics 2004
Tips for Tracking the E-Mail Trail January 2001
TKS1 - An anti-forensic, two level, and iterated key setup scheme [PDF] July 2004
To Cache a Thief: How Litigants and Lawyers Tamper with Electronic Evidence and Why They Get Caught [PDF] January 2004
To Catch a Thief: Computer Forensics in the Classroom [PDF] October 2005
To Catch a Thief: Digital Forensics in Storage Networks [PDF Presentation] Spring 2006
To identify a potential compromised Unix box is some what of an arcane art, though there are some simple things to look for.
To Revisit: What is Forensic Computing? [PDF] 2004
TOC and Chapter 1 [PDF] 2004
TOC, Introduction, and Chapter 8 [PDF]
Tool review – remote forensic preservation and examination tools [PDF] December 2004
Tool review - WinHex [PDF] April 2004
Tools for Discovering Credit Card and Social Security Numbers in Computer File Systems [PDF] July 2006
Tools of Evidence March 2003
Tools Tested: AccessData Ultimate Toolkit, EnCase Forensic Edition, Freeware and open-source tools, NetWitness Profession
Topics: The Windows Event Log file format; Tracking USB storage devices across Windows systems; File/document metadata
Torn Pieces
Toward Defining the Intersection of Forensics and Information Technology [PDF] May 2005
Towards a validation framework for forensic tools in Australia [PDF] March 2005
Towards Hippocratic Log Files [PDF] November 2004
Towards Identifying Criteria for the Evidential Weight of System Event Logs [PDF] 2004
Towards Proactive Computer System Forensics [PP Presentation]
Trace-Back: A Concept for Tracing and Profiling Malicious Computer Attackers [PDF] 2002
Tracing an E-mail Address to an Owner [PDF] January 2000
Tracing Anonymous Packets to Their Approximate Source 2000
Tracing E-mail Headers [PDF] 2004
Tracing the Source of an Email
Track down lost data with the EnCase computer forensics tool January 2003
Tracking a Computer Hacker May 2001
Tracking Down the Criminal in Cyberspace [PP Presentation] May 2003
Tracking Hackers on IRC 1999
Tracking Hackers with Cyber Forensics [PDF] March 2002 (from
Tracking the hackers
Transborder Search A new perspective in law enforcement? [PDF] March 2004
Tripwire for Servers in a Forensics Environment [PDF]
Trojan Defence: A Forensic View (Part 1) [PDF] January 2005
Trojan Defence: A Forensic View (Part 2) [PDF] January 2005
True Expertise April 2003
Trusted computing and forensic investigations [Available by request] 2005
TULP2G – An Open Source Forensic Software Framework for Acquiring and Decoding Data Stored in Electronic Devices [PDF
Tutorial - Forensics for Windows XP Clients [PDF Presentation] June 2002 (from
Two Views from the Data Mountain [PDF] June 2003
U.S. Department of Energy Cyber Incident Response Handbook [RTF document] 2003
Undeleting Files in the Linux OS 2000
Understanding Computer Forensics [PDF Presentation] April 2005
Understanding index.dat Files Part 1 2005
Understanding index.dat Files Part 2 May 2006
Understanding the Computer and How Child Pornography Cases are Made [PDF]
Unification of Digital Evidence from Disparate Sources (Digital Evidence Bags) [PDF] August 2005
Unification of relative time frames for digital forensics [PDF] 2004
Unique File Identification in the National Software Reference Library [PDF] May 2006
UNIX Computer Forensics [PDF] April 2004
Unix DD command and image creation
Unix Forensic Techniques for Incident Response [PP Presentation - from] December 2000
Unix Forensics February 2004
Unix Investigations [PDF]
Unix Security 101 - forensic examples [Javascript Slideshow]
Unix Security: Diagnostics and Forensics Updated May 2006
UNIX Time Stamp ID and Hotmail
Unix Tools Track Hackers
Unleash the Cyberhounds! April 2002
Unleashing the Power of JumpStart: A New Technique for Disaster Recovery, Cloning, or Snapshotting a Solaris System 2000
Unofficial F.I.R.E. FAQ 2003
Unredacted copy of this report (also available as a PDF) from
Update to "Using File Hashes to Reduce Forensic Analysis" July 2002
Use A Linux Bootable CDROM to Image Your Hard Drive August 2003
Use of Dates and Times in Forensic Exams/Investigations [PDF] 2003
Using ATA commands on hard disks ... why bother? April 2006
Using Computer Forensics in Investigating Internal Abuse [PDF Presentation] May 2005
Using Computer Forensics When Investigating System Attacks [PDF] April 2005
Using Digital Evidence To Ferret Out The Dishonest Employee [PDF] Autumn 2004
Using Digital Forensics to Maintain the Integrity of our Nation’s Critical Infrastructure [PDF Presentation] August 2005
Using EnCase to Decode DBB Record Field Values
Using Extended File Information (EXIF) File Headers in Digital Evidence Analysis [PDF] Winter 2004
Using Fport on Windows NT to Map Applications to Open Ports [PDF] April 2001
Using hash values to identify fragments of evidence [PDF] August 2004
Using Helix for Recovering from PC Hacks [PDF Presentation] November 2005
Using Linux for Incident Response & Data Forensics [PDF Presentation] March 2004
Using Linux for Today's Data Forensics [PDF Presentation] November 2003
Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer [PDF] October 2002
Using Local Loopback and Kazaa Port to View Kazaa Shared Files in Browser
Using Memory Dumps in Digital Forensics (page 43) [PDF] December 2005
Using The Coroner's Toolkit : Harvesting information with grave-robber
Using The Coroner's Toolkit : Rescuing files with lazarus
Using the Forensic Server Project November 2004
Very good presentation describing in detail specific issues, and possible command utilities that may be used to address them.
Viewing Email Headers [PDF] August 2005
Viewing the Kazaa DBB File in EnCase
Viewing the Kazaa DBB File in EnCase - Meaning of the "Last Shared Date/Time"
Virtual - Reality: A Preliminary Forensic Assessment Relating to Child Pornography in the Prosecutorial/Defense Effort [PDF] N
Virtual Digital Evidence Lab: A Distributed Forensic Resource Network [PDF] May 2006
Virtual Training Environment (VTE) January 2006
Virtual War's Computer Forensic page
VM Forensics – Dealing with Funky Data [PDF Presentation] November 2005
VMWare as a forensic tool May 2006
Volume 1 Issue 3 - Registartion required
Volume 1 Issue 3 - Registration required
Volume Serial Numbers & Format Verification Date/Time [PDF] October 2003
Vulnerability Identified in Fax Machines and Printers August 2001
WACIRC - Law Enforcement Guidelines for Reporting and Responding to Computer Crimes [PDF] 2003
Warning! Microsoft Word stores hidden information about you May-June 2005
Watching the Detectives June 2002
Web Application Forensics [PDF Presentation] February 2003
Web Application Forensics: The Uncharted Territory [PDF] 2002
Web Application Incident Response & Forensics: A Whole New Ball Game! [PDF Presentation] August 2006
Web Browser Forensics, Part 1 March 2005
Web Browser Forensics, Part 2 May 2005
Web Forensics [PDF Presentation] February 2006
WebMail Forensics [PDF Presentation] July 2003
Week 1 - Linux Forensics of CDR Media
Week 2 - Accessing and Analyzing the Windows Registry
Week 3 - Linux Anti-Virus Tools and Techniques for Forensic Investigation
Week 4 - Using Linux VMware Workstation and Raw Disk Images to view the Suspect Workstation
What Are MACtimes? July 2001
What evidence is left after disk cleaners? [PDF] 2004 Volume 1 Issue 3 [Registration required]
What Forensic Analysts should know about NT Alternate Data Streams
What is a Forensic Network?
What is Computer Forensics? [PP Presentation] September 2002
What is Computer Forensics? September 2003
What is Forensic Computing? [PDF] June 1999
What is the meaning of evidence in an environment where crime scenes themselves are mutable and can be altered, destroyed
What is the Scope of Computer Forensics? December 2005
What Time is it? The Problem
What to Do After the Break-in: Preparing an Incident Report for Law Enforcement May 2001
What You Don’t See On Your Hard Drive [PDF] April 2002
What's on that Hard Drive? July 2001
When When things goes wrong: Digital Forensics Essential [PDF Presentation] May 2006
Where Data Hides and Resides - Understanding Hidden Data in Windows [PDF] April 2004
Where Data Resides – Data Discovery from the Inside Out [PDF]
Where Litigation Support Ends and Electronic Discovery Begins [PDF] November 2002
While reporting an incident enables law enforcement to investigate, it also may subject the corporate victim to adverse publicity
Who’s At The Keyboard? Authorship Attribution in Digital Evidence Investigations [PDF] May 2005
Whodunnit? March 2001
Why Conduct Computer Forensics Examinations? [PP Presentation] 2003
Why Recovering a Deleted Ext3 File Is Difficult . . . August 2005
Win2K First Responder's Guide September 2002
Win32 – Evidence Gathering [PDF Presentation] April 2004
Windows Explorer Properties July 2001 (updated September 2002)
Windows File Header Signatures
Windows Filesystems Recovery
Windows Forensic How-to: Incident Response Plan for Abuse of Corporate Assets [PDF] February 2003
Windows Forensic Toolchest [PDF Presentation] May 2005
Windows Forensics: A Case Study, Part One December 2002
Windows Forensics: A Case Study, Part Two March 2003
Windows Forensics: Have I been Hacked?February 2004
Windows Installation Timestamps [Word doc]
Windows Live Incident Response Volatile Data Collection: Non-Disruptive User & System Memory Forensic Acquisition (From
Windows Media Imaging (First 17 pages) [PDF] April 2002
Windows NT/2000 Event Log Management and Intrusion Detection [PP Presentation]
Windows NTFS Alternate Data Streams February 2005
Windows Responder’s Guide [PDF] 2003
Windows, NTFS and Alternate Data Streams [PDF] May 2001
WinHex as a professional data recovery and computer investigation tool
Wireless Forensics [PDF Presentation] November 2005
Wireless Intrusion Investigation [PP Presentation] 2005
Wireless Network Security and Forensic Analysis [PP Presentation] October 2004
Without a Trace: Forensic Secrets on a Windows Server [Presentation in PDF] January 2004
Wonders of 'dd' and 'netcat' :: Cloning Operating Systems August 2001
Working with Images
Working with Law Enforcement to Abate Cybercrime [PDF]
Working With Obsolete Data March 2006
Working with Police [PDF] January 2001 (from Discusses ACPO's Good Practice Guide for Computer-based Evide
Workshop: Recovering From an Attack November 2004
Writing a Computer Forensic Technical Report [PDF] August 2004
Wrong Conclusions, Bad Testimony [PDF Presentation] November 2005
Xbox security issues and forensic recovery methodology (utilising Linux) [PDF] 2004
XIRAF – XML-based indexing and querying for digital forensics [PDF] August 2006
XIRAF: Ultimate Forensic Querying 2006
XMeta: a Bayesian approach for computer forensics [PDF] November 2004
X-Ways Software Technology AG [PDF Presentation] June 2006
You Are What You Type: Non-Classical Computer Forensics [PDF Presentation] August 2006
Your Pal, Enscript [PP Presentation]
Zipped Tools & Related docs
ZSAP (Zero Skill Analysis Program) [PDF] January 2006
ganization is for an incident, the faster it can respond.
[PDF] March 1999
r jurisdictions, and who can provide assistance to law officers seeking electronic evidence stored outside their states.
the Year 2000 and Beyond [PDF] 2000

uction [PDF] and available only to law enforcement.

curity Management [PDF] 2002

ptember 2004
when seizing evidence.

on] June 2005

on posed to Mr. Cohen in regard to this matter is whether these assertions made by the prosecution are supported by the eviden ce.
e evidence?
PP Presentation] August 2004
owser [PDF]
ation (FCI) Teams [PDF] November 2003
[PDF] 2001
Management [PDF Presentation] September 2003 (Local copy)
DF] June 2006

use this approach with other UNIX operating systems and hosts.
n, ProDiscover Incident Response, Vogon Investigation Software, Wiebetech Forensic ComboDock
n created in milliseconds?

ory scrutiny, and business losses.

ed by the eviden ce.